versuche derzeit Postfix, LDAP und SASL unter einen Hut zu bringen. Die Anmeldung von Courier am LDAP funktioniert bereits, allerdings klappt der Versand und die Authentifizierung per SASL nicht.
Meine Configs:
/etc/postfix/main.cf
Code: Select all
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file = /etc/ssl-cacert/mail/mail.crt
smtpd_tls_key_file = /etc/ssl-cacert/mail/mail.key.decrypted
smtp_tls_CAfile = /etc/ssl-cacert/mail/cacert.crt
smtpd_use_tls=yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
myhostname = mydomain.tld
myorigin = /etc/mailname
relayhost =
mydomain = $myhostname
relay_domains = $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
local_transport = virtual
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapvirtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 500
virtual_mailbox_limit = 0
ldapvirtual_server_host = localhost
ldapvirtual_server_port = 389
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=admin,dc=mydomain,dc=tld
ldapvirtual_bind_pw = geheim
ldapvirtual_search_base = ou=user,dc=mydomain,dc=tld
ldapvirtual_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|(AccountStatus=active)(accountStatus=shared)))
ldapvirtual_result_attribute = mailMessageStore
mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, ldap:acceptdomains
acceptdomains_server_host = $ldapvirtual_server_host
acceptdomains_server_port = $ldapvirtual_server_port
acceptdomains_bind = $ldapvirtual_bind
acceptdomains_bind_dn = $ldapvirtual_bind_dn
acceptdomains_bind_pw = $ldapvirtual_bind_pw
acceptdomains_search_base = $ldapvirtual_search_base
acceptdomains_query_filter = (associatedDomain=*)
acceptdomains_result_attribute = associatedDomain
virtual_maps = ldap:ldapalias
ldapalias_server_host = $ldapvirtual_server_host
ldapalias_server_port = $ldapvirtual_server_port
ldapalias_bind = $ldapvirtual_bind
ldapalias_bind_dn = $ldapvirtual_bind_dn
ldapalias_bind_pw = $ldapvirtual_bind_pw
ldapalias_search_base = $ldapvirtual_search_base
ldapalias_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|(AccountStatus=active)(AccountStatus=shared)))
ldapalias_result_attribute = mail
Code: Select all
pwcheck_method: saslauthd
mech_list: plain
ldapdb_uri:ldap://127.0.0.1
ldapdb_id: cn=admin,dc=mydomain,dc=tld
ldapdb_pw: geheim
ldapdb_mech: PLAIN
Code: Select all
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/qmail.schema
pidfile /var/run/slapd/slapd.pid
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
database hdb
suffix "dc=mydomain,dc=tld"
rootdn "cn=admin,dc=mydomain,dc=tld
rootpw geheim
password-hash {CLEARTEXT}
sasl-regexp
uid=(.*),cn=DIGEST-MD5,cn=auth
ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)(objectclass=person))
sasl-regexp
uid=(.*),cn=PLAIN,cn=auth
ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)(objectclass=person))
directory "/var/lib/ldap/test"
dbconfig set_cachesize 0 2097152 1
dbconfig set_lg_bsize 2097152
index default pres,eq
index objectClass eq
lastmod on
access to attrs=userPassword
by self write
by * auth
access to * by * read
Code: Select all
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: cn=admin,dc=mydomain,dc=tld
ldap_bind_pw: geheim
ldap_timeout: 10
ldap_time_limit: 10
ldap_scope: sub
ldap_search_base: dc=user,dc=mydomain,dc=tld
ldap_auth_method: fastbind
ldap_filter: (uid=%u)
ldap_debug: 0
ldap_verbose: off
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: yes
Code: Select all
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd -O /etc/saslauthd.conf"
Code: Select all
Dec 28 22:01:07 ubuntu postfix/smtpd[32440]: warning: SASL authentication failure: Password verification failed
Dec 28 22:01:07 ubuntu postfix/smtpd[32440]: warning: [xx.xx.xx.xxx]: SASL PLAIN authentication failed: authentication failure
Vielen Dank,
mister_x
