Re: smtp auth with sasl and ldap
From: Tony Earnshaw (tonni billy.demon.nl)
Date: Tue Sep 02 2003 - 09:01:50 CDT
Karl Meisterheim wrote:
> I'm trying to set up smtp auth in postfix using sasl to talk to my ldap
> server, all on RH 8.
> I've done this successfully in the past, but am now running into an
> error I cannot find my way around.
I have Postfix 2.0.14 working on RH 7.2 (much modified) with Pascal
Giengers ldap auxprop libraries. I've never used (only tried it and
found out it worked and I wasn't satisfied with it) saslauthd and
pam_ldap. For the rest, all my stuff to do with this is the newest,
self-compiled.
[...]
> /etc/pam.d/smtp
> auth sufficient /lib/security/pam_ldap.so debug
> auth required /lib/security/pam_unix_auth.so try_first_pass debug
> account sufficient /lib/security/pam_ldap.so debug
> account required /lib/security/pam_unix_acct.so debug
This was my /etc/pam.d/smtp that worked.
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_ldap.so
(No regular Unix pam libraries)
> /usr/lib/sasl/smtp
> pwcheck_method: pam
>
> /etc/ldap.conf
> host MY.DOMAIN.NAME
> base ou=People,dc=the-jci,dc=org
> uri ldaps://MY.DOMAIN.NAME/
> rootbinddn cn=MYADMIN,dc=the-jci,dc=org
<<<<<<<<<<
nss_base_passwd dc=example,dc=com?sub
nss_base_shadow dc=example,dc=com?sub
nss_base_group dc=example,dc=com?sub
<<<<<<<<<<<
> pam_password exop
> ssl start_tls
> ssl on
> tls_ciphers TLSv1
> tls_cert /etc/openldap/slapd.pem
> tls_key /etc/openldap/slapd.pem
> saslauthd -v
> saslauthd 2.1.10
> authentication mechanisms: getpwent kerberos5 pam rimap shadow
I use CRAM-MD5 and DIGEST-MD5 with the modified ldap auxprop libs. Can
you use pam_ldap and nss_ldap for normal user authentication?
Contact me off list if you think I might be able to help. This is more
LDAP and SASL than Postfix.
--Tonni
--
Tony Earnshaw
Looking backwards is always easy with hindsight
http://www.billy.demon.nl
Mail: tonni billy.demon.nl
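How the two /etc/pam.d/smtp stacks quoted in this message behave when the LDAP module fails, as an added example that is not part of the original post: a simplified Python model of the Linux-PAM control flags. The function names `parse_stack` and `evaluate` are hypothetical and the module outcomes are constructed.

```python
# Added example (not from the post): simplified model of Linux-PAM control flags.
KARL_STACK = """\
auth sufficient /lib/security/pam_ldap.so debug
auth required /lib/security/pam_unix_auth.so try_first_pass debug
account sufficient /lib/security/pam_ldap.so debug
account required /lib/security/pam_unix_acct.so debug
"""
TONY_STACK = """\
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_ldap.so use_authtok
session required /lib/security/pam_ldap.so
"""

def parse_stack(text):
    """Return (type, control, module file name) for each pam.d line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0], fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries

def evaluate(entries, mtype, results):
    """Decide one management group; results maps module name -> bool."""
    failed = passed = False
    for kind, control, module in entries:
        if kind != mtype:
            continue
        ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return True          # success ends the stack early
        elif control == "requisite":
            if not ok:
                return False         # failure ends the stack early
            passed = True
        elif control == "required":
            passed, failed = passed or ok, failed or not ok
        elif control == "optional":
            passed = passed or ok    # failure is ignored
        else:
            raise ValueError(f"unsupported control: {control}")
    return passed and not failed

if __name__ == "__main__":
    ldap_down = {"pam_ldap.so": False, "pam_unix_auth.so": True}  # constructed outcome
    for name, text in (("Karl", KARL_STACK), ("Tony", TONY_STACK)):
        print(name, evaluate(parse_stack(text), "auth", ldap_down))
```

With the LDAP module failing, the `sufficient`/`required` stack still authenticates an account that pam_unix accepts, while the LDAP-only stack denies it.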