Re: openldap+sasl or not?

From: sam wun (sam.wunauthtec.com)
Date: Sat Apr 02 2005 - 06:07:51 CST


Magnus Bäck wrote:

>On Saturday, April 02, 2005 at 13:21 CEST,
> sam wun <sam.wunauthtec.com> wrote:
>
>>I'm a bit confused using openldap with sasl2 for postfix.
>>Should I build openldap+sasl2 for postfix?
>
>What do you mean? If you want SASL2 support in Postfix, build Postfix
>with SASL support enabled. If you want LDAP support in SASL2, build
>SASL2 with LDAP support enabled.
>
I want to build Postfix with SASL2 support. Since SASL2 can be built
with OpenLDAP, when Postfix requires authentication with SASL2, the
authentication will actually go to OpenLDAP, e.g.:
Postfix -> SASL2 -> OpenLDAP
Instead of:
Postfix -> OpenLDAP -> SASL2

Correct me if I am wrong; I want to get this logic right first, because
currently I built openldap2+sasl2 first, then secondly built
Postfix+SASL2+Openldap2.
I don't know the workflow between these components.

>>As far as I know, sasl2 uses saslauthd for authentication. All user
>>credentials will be stored in the sasldb2 file.
>
>sasldb2 is only one of the available authentication backends.
>Via auxprop you can authenticate against e.g. LDAP, MySQL,
>and PostgreSQL databases.
>
Yes, this reminds me that when starting up saslauthd, I can pass in the
command-line arguments "-r -a pam", so substituting ldap for pam makes
saslauthd call ldap instead of pam.

>>With openldap, I suppose all user credentials are stored in the ldap db. Am I
>>correct?
>
>Yes, if you configure SASL to look up credentials in LDAP you must store
>the credentials in LDAP.
>
So far, I might have built the right stuff. But I'm not sure how to
input the correct information into the ldap database. The version of openldap
I used is version 2.2. Is there any handy script or guideline that I can
use to make a correct startup of ldap first?
Currently I have the following configuration files in the etc directory:
...local/etc]# ls -l
total 28
drwxr-xr-x 6 root wheel 512 Apr 2 19:37 ./
drwxr-xr-x 13 root wheel 512 Apr 2 18:19 ../
drwxr-xr-x 3 root wheel 512 Apr 2 19:24 openldap/
drwxr-xr-x 2 root wheel 512 Apr 2 18:19 pam.d/
drwxr-xr-x 3 root wheel 512 Apr 2 19:37 postfix/
drwxr-xr-x 2 root wheel 512 Apr 2 19:24 rc.d/
-rw-r----- 1 cyrus mail 16384 Apr 2 19:07 sasldb2.db
rootmailtest [8:04pm] [...etc/openldap]# ls -l
total 18
drwxr-xr-x 3 root wheel 512 Apr 2 19:24 ./
drwxr-xr-x 6 root wheel 512 Apr 2 19:37 ../
-rw-r--r-- 1 root wheel 246 Apr 2 19:24 ldap.conf
-rw-r--r-- 1 root wheel 246 Apr 2 19:24 ldap.conf.default
drwxr-xr-x 2 root wheel 1024 Apr 2 19:24 schema/
-rw------- 1 root wheel 2161 Apr 2 19:24 slapd.conf
-rw------- 1 root wheel 2161 Apr 2 19:24 slapd.conf.default
[...etc/postfix]# ls -l
total 212
drwxr-xr-x 3 root wheel 512 Apr 2 19:37 ./
drwxr-xr-x 6 root wheel 512 Apr 2 19:37 ../
-rw-r--r-- 1 root wheel 11942 Apr 2 19:37 LICENSE
-rw-r--r-- 1 root wheel 1629 Apr 2 19:37 TLS_LICENSE
-rw-r--r-- 1 root wheel 15524 Apr 2 19:37 access
-rw-r--r-- 1 root wheel 8240 Apr 2 19:37 aliases
-rw-r--r-- 1 root wheel 10987 Apr 2 19:37 canonical
drwxr-xr-x 2 root wheel 512 Apr 2 19:37 dist/
-rw-r--r-- 1 root wheel 9702 Apr 2 19:37 generic
-rw-r--r-- 1 root wheel 15658 Apr 2 19:37 header_checks
-rw-r--r-- 1 root wheel 25699 Apr 2 19:37 main.cf
-rw-r--r-- 1 root wheel 14293 Apr 2 19:37 main.cf.default
-rw-r--r-- 1 root wheel 1047 Apr 2 19:37 makedefs.out
-rw-r--r-- 1 root wheel 4166 Apr 2 19:37 master.cf
-rwxr-xr-x 1 root wheel 21980 Apr 2 19:37 post-install*
-rw-r--r-- 1 root wheel 17256 Apr 2 19:37 postfix-files
-rwxr-xr-x 1 root wheel 6366 Apr 2 19:37 postfix-script*
-rw-r--r-- 1 root wheel 6543 Apr 2 19:37 relocated
-rw-r--r-- 1 root wheel 11073 Apr 2 19:37 transport
-rw-r--r-- 1 root wheel 11662 Apr 2 19:37 virtual
rootmailtest [8:02pm] [...etc/rc.d]# ls -l
total 10
drwxr-xr-x 2 root wheel 512 Apr 2 19:24 ./
drwxr-xr-x 6 root wheel 512 Apr 2 19:37 ../
-r-xr-xr-x 1 root wheel 2496 Apr 2 19:24 slapd.sh*
-r-xr-xr-x 1 root wheel 691 Apr 2 19:24 slurpd.sh*
rootmailtest [8:02pm] [...etc/rc.d]#

Thanks very much for your comment.
Sam.

>>So if I want to use openldap for postfix+cyrus, what package should I
>>compile with?
>
>That depends on how and what you want to access via LDAP. You have not
>explained the problem you are trying to solve.
>
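Following up on the point above about running saslauthd with "-a ldap" (plus "-r" to keep the realm): an added example, not from this thread and not Cyrus SASL's own code, that writes a plain and a TLS-protected saslauthd.conf for the LDAP backend and flags the one that would send bind passwords over the wire unencrypted. The option names are saslauthd's documented LDAP_SASLAUTHD keys; the host name, DNs and paths are constructed placeholders.

```shell
#!/bin/sh
# Lint a saslauthd LDAP backend config of the kind read by "saslauthd -a ldap".
# Option names are the documented LDAP_SASLAUTHD keys; the server name,
# search base and CA path are constructed placeholders for this example.

# Write a sample saslauthd.conf to $1; $2 selects "plain" or "tls".
write_saslauthd_conf() {
    if [ "$2" = "tls" ]; then
        cat > "$1" <<'EOF'
ldap_servers: ldap://ldap.example.test/
ldap_start_tls: yes
ldap_tls_cacert_file: /usr/local/etc/openldap/cacert.pem
ldap_search_base: ou=people,dc=example,dc=test
ldap_filter: (uid=%U)
ldap_auth_method: bind
ldap_version: 3
EOF
    else
        # Weak variant: cleartext ldap:// with no STARTTLS upgrade.
        cat > "$1" <<'EOF'
ldap_servers: ldap://ldap.example.test/
ldap_search_base: ou=people,dc=example,dc=test
ldap_filter: (uid=%U)
ldap_auth_method: bind
EOF
    fi
}

# Return 0 when the user's password never crosses the network in the clear
# (ldaps://, a local ldapi:// socket, or STARTTLS enabled), 1 otherwise.
check_saslauthd_conf() {
    conf="$1"
    servers=$(sed -n 's/^ldap_servers:[[:space:]]*//p' "$conf")
    tls=$(sed -n 's/^ldap_start_tls:[[:space:]]*//p' "$conf")
    case "$servers" in
        ldaps://*) return 0 ;;   # TLS from the first byte
        ldapi://*) return 0 ;;   # UNIX-domain socket, stays on the host
    esac
    [ "$tls" = "yes" ] && return 0
    echo "saslauthd -a ldap would bind in cleartext to: $servers" >&2
    return 1
}
```

Source the script and run `check_saslauthd_conf` against the file your saslauthd actually reads (the default path, or the one given with `-O`); the "bind" auth method means the user's own password is what travels to the LDAP server, so this is the link to protect.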