From: Victor Duchovni (no email)
Date: Mon May 24 2010 - 14:04:45 EDT

On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote:
> Final solution provided by the Openldap mailing list:
>
> > Just change your authz-regexp line to
> >
> > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
> > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"
>
>
> And the authentication works.
> I think it's worth a line in the sasl howto to explain that postfix will
> use the email value to authenticate the user, and therefore the authz-regex
> should take it into account...

This looks wrong. As Patrick points out you are likely confusing
authentication realms (user at realm principals) with email addresses.
DON'T. Rather configure Postfix with an empty or other correct setting
of the realm that will work correctly without matching user at mail against
email addresses.

-- Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
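
Added example, not part of the thread and not code from either poster: a Python approximation of how the quoted authz-regexp rewrites SASL authentication DNs of the form `uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth` into an LDAP search filter. The sample DNs, the `digest-md5` mechanism and the helper names are constructed assumptions; slapd's own regex engine is not used here.

```python
import re

# Pattern and search URI as quoted in the thread (the two wrapped lines joined).
AUTHZ_PATTERN = r"^uid=([^,]+).*,cn=[^,]*,cn=auth$"
AUTHZ_REPLACEMENT = "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"

# Constructed SASL authentication DNs (assumed inputs, not taken from the thread).
SAMPLE_DNS = [
    "uid=julien,cn=digest-md5,cn=auth",                    # no realm
    "uid=julien,cn=linuxwall.info,cn=digest-md5,cn=auth",  # realm sent separately
    "uid=julien@linuxwall.info,cn=linuxwall.info,cn=digest-md5,cn=auth",
    "cn=admin,dc=linuxwall,dc=info",                       # not a SASL DN
]


def captured_identity(sasl_dn):
    """Return what $1 would hold, or None when the rule does not apply."""
    match = re.match(AUTHZ_PATTERN, sasl_dn)
    return match.group(1) if match else None


def search_filter(sasl_dn):
    """Return the filter part of the rewritten LDAP URI, or None."""
    identity = captured_identity(sasl_dn)
    if identity is None:
        return None
    uri = AUTHZ_REPLACEMENT.replace("$1", identity)
    return uri.rsplit("?", 1)[1]  # the filter is the last '?'-separated field


def is_realm_qualified(sasl_dn):
    """True when the captured login carries an '@realm' suffix, so only the
    mail=... branch of the filter could plausibly match a directory entry."""
    identity = captured_identity(sasl_dn)
    return identity is not None and "@" in identity


if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn)
        print("  $1     =", captured_identity(dn))
        print("  filter =", search_filter(dn))
        print("  realm-qualified login:", is_realm_qualified(dn))
```

The third sample is the case the reply objects to: the login is a user-at-realm principal, and the rule resolves it by comparing it with the `mail` attribute.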