Postfix + LDAP + SASL: kein Versand moeglich


Postfix + LDAP + SASL: kein Versand moeglich

Post by mister_x »

Hallo zusammen,

ich versuche derzeit, Postfix, LDAP und SASL unter einen Hut zu bringen. Die Anmeldung von Courier am LDAP funktioniert bereits, allerdings klappen der Versand und die Authentifizierung per SASL nicht.

Meine Configs:

/etc/postfix/main.cf


# Postfix main.cf as posted: SMTP AUTH through Cyrus SASL, with mailboxes,
# accepted domains and aliases looked up in LDAP.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file = /etc/ssl-cacert/mail/mail.crt
# NOTE(review): the file name suggests an unencrypted private key; keep it
# readable by root only.
smtpd_tls_key_file = /etc/ssl-cacert/mail/mail.key.decrypted
# NOTE(review): smtp_tls_CAfile configures the outgoing SMTP client; the
# server-side counterpart is smtpd_tls_CAfile - confirm which was intended.
smtp_tls_CAfile = /etc/ssl-cacert/mail/cacert.crt
# TLS is offered but not required. Nothing in this listing forces STARTTLS
# before AUTH, and smtpd.conf offers only PLAIN, so a client may send its
# password over an unencrypted session.
# NOTE(review): consider smtpd_tls_auth_only = yes.
smtpd_use_tls=yes
smtpd_sasl_auth_enable = yes
# noanonymous rejects anonymous logins; plaintext mechanisms stay allowed.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
# Additionally advertises AUTH in the non-standard "AUTH=" form for old clients.
broken_sasl_auth_clients = yes
myhostname = mydomain.tld
myorigin = /etc/mailname
relayhost =
mydomain = $myhostname
relay_domains = $mydomain
# Only loopback addresses are trusted, so remote senders depend on SASL.
# NOTE(review): no smtpd_recipient_restrictions is visible in this listing. If
# the real file has none, check that the relay rules in effect include
# permit_sasl_authenticated; otherwise a successful login still cannot relay.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
local_transport = virtual
# With a base of "/" the delivery path comes entirely from the LDAP attribute
# mailMessageStore (see ldapvirtual_result_attribute below).
# NOTE(review): whoever can write that attribute chooses where uid/gid 5000
# writes mail; a dedicated base directory would confine deliveries.
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapvirtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 500
virtual_mailbox_limit = 0
ldapvirtual_server_host = localhost
ldapvirtual_server_port = 389
# All three LDAP lookups bind as cn=admin, the same DN that slapd.conf declares
# as rootdn, with its password stored in main.cf.
# NOTE(review): main.cf is usually world-readable; a dedicated read-only bind DN
# and a separate, permission-restricted LDAP map file would limit the exposure.
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=admin,dc=mydomain,dc=tld
ldapvirtual_bind_pw = geheim
ldapvirtual_search_base = ou=user,dc=mydomain,dc=tld
ldapvirtual_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|(AccountStatus=active)(accountStatus=shared)))
ldapvirtual_result_attribute = mailMessageStore
# Accepted domains are also read from LDAP; the acceptdomains_* settings reuse
# the ldapvirtual_* connection and bind values.
mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, ldap:acceptdomains
acceptdomains_server_host = $ldapvirtual_server_host
acceptdomains_server_port = $ldapvirtual_server_port
acceptdomains_bind = $ldapvirtual_bind
acceptdomains_bind_dn = $ldapvirtual_bind_dn
acceptdomains_bind_pw = $ldapvirtual_bind_pw
acceptdomains_search_base = $ldapvirtual_search_base
acceptdomains_query_filter = (associatedDomain=*)
acceptdomains_result_attribute = associatedDomain
# Alias lookups; the ldapalias_* settings again reuse the ldapvirtual_* values.
virtual_maps = ldap:ldapalias
ldapalias_server_host = $ldapvirtual_server_host
ldapalias_server_port = $ldapvirtual_server_port
ldapalias_bind = $ldapvirtual_bind
ldapalias_bind_dn = $ldapvirtual_bind_dn
ldapalias_bind_pw = $ldapvirtual_bind_pw
ldapalias_search_base = $ldapvirtual_search_base
ldapalias_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|(AccountStatus=active)(AccountStatus=shared)))
ldapalias_result_attribute = mail


/etc/postfix/sasl/smtpd.conf


# Cyrus SASL settings for the Postfix smtpd service.
# Password checks are handed to the saslauthd daemon.
pwcheck_method: saslauthd
# Only PLAIN is offered: the password crosses the SMTP session merely
# base64-encoded, so it is protected only when the session uses TLS.
mech_list: plain
# NOTE(review): the ldapdb_* options belong to the ldapdb auxprop plugin and are
# presumably unused while pwcheck_method is saslauthd; if so, they only keep
# another copy of the directory admin password in this file - confirm and remove.
ldapdb_uri:ldap://127.0.0.1
ldapdb_id: cn=admin,dc=mydomain,dc=tld
ldapdb_pw: geheim
ldapdb_mech: PLAIN


/etc/ldap/slapd.conf


# OpenLDAP slapd.conf as posted: a single hdb database for dc=mydomain,dc=tld.
# Accepts LDAPv2 bind requests in addition to LDAPv3.
allow bind_v2
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/qmail.schema
pidfile         /var/run/slapd/slapd.pid
# 256 is the "stats" log level (connections, operations, results).
loglevel                           256
modulepath      /usr/lib/ldap
moduleload      back_hdb
database        hdb
suffix          "dc=mydomain,dc=tld"
# NOTE(review): the closing double quote is missing on the rootdn line as
# posted - confirm against the real file.
rootdn          "cn=admin,dc=mydomain,dc=tld
# The rootdn password is stored in clear text; rootpw also accepts a hashed
# value as generated by slappasswd.
rootpw         geheim
# {CLEARTEXT}: passwords set through the Password Modify operation are stored
# unhashed in userPassword.
# NOTE(review): presumably chosen so that DIGEST-MD5 (see the sasl-regexp rules
# below) can work; anyone who can read the database files or a backup then
# obtains every user's password.
password-hash   {CLEARTEXT}
# Map SASL identities (DIGEST-MD5 and PLAIN) to the person entry with the same
# uid under ou=user.
sasl-regexp
  uid=(.*),cn=DIGEST-MD5,cn=auth
  ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)(objectclass=person))
sasl-regexp
  uid=(.*),cn=PLAIN,cn=auth
  ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)(objectclass=person))
directory       "/var/lib/ldap/test"
dbconfig set_cachesize  0 2097152 1
dbconfig set_lg_bsize   2097152
index           default                 pres,eq
index           objectClass             eq
lastmod         on
# userPassword: the owner may change it; everyone else may only use it to
# authenticate (bind), not read it.
access to attrs=userPassword
        by self write
        by * auth
# Every other attribute is readable by anyone, including anonymous clients.
# NOTE(review): narrow this if entries hold data that should not be public.
access to * by * read


/etc/saslauthd.conf


# saslauthd LDAP backend settings (the file passed with -O in
# /etc/default/saslauthd).
ldap_servers: ldap://127.0.0.1/
# The directory admin DN and its clear-text password appear here as well.
# NOTE(review): a dedicated low-privilege bind DN would suffice for lookups, and
# with fastbind these two settings may not be needed at all - verify.
ldap_bind_dn: cn=admin,dc=mydomain,dc=tld
ldap_bind_pw: geheim
ldap_timeout: 10
ldap_time_limit: 10
ldap_scope: sub
# NOTE(review): main.cf and slapd.conf use ou=user,dc=mydomain,dc=tld; this line
# says dc=user - looks like a typo, confirm.
ldap_search_base: dc=user,dc=mydomain,dc=tld
# NOTE(review): per the saslauthd LDAP documentation, fastbind skips the search
# and binds directly with a DN built from ldap_filter, so a search-style filter
# such as (uid=%u) looks inconsistent with it - a candidate cause of the
# "Password verification failed" message; verify.
ldap_auth_method: fastbind
ldap_filter: (uid=%u)
ldap_debug: 0
ldap_verbose: off
# No TLS towards the directory: binds, including user passwords, travel in clear
# text. Here that is limited to the loopback address given in ldap_servers.
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: yes


/etc/default/saslauthd


# Settings file for the saslauthd init script.
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
# Verify passwords against LDAP.
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
# -c enables credential caching, -m sets the socket directory, -O names the LDAP
# backend configuration file.
# NOTE(review): with caching on, a password change or a disabled account may
# take effect only after the cache entry expires - confirm the timeout.
# NOTE(review): master.cf is not shown; if smtpd runs chrooted it cannot reach a
# socket under /var/run/saslauthd - check that, and test saslauthd on its own
# with testsaslauthd.
OPTIONS="-c -m /var/run/saslauthd -O /etc/saslauthd.conf"


Bei diesen Einstellungen bekomme ich folgende Fehlermeldung:


Dec 28 22:01:07 ubuntu postfix/smtpd[32440]: warning: SASL authentication failure: Password verification failed
Dec 28 22:01:07 ubuntu postfix/smtpd[32440]: warning: [xx.xx.xx.xxx]: SASL PLAIN authentication failed: authentication failure


Hat jemand Erfahrungen mit Postfix+LDAP+SASL und kann mir Tipps geben?

Vielen Dank,

mister_x


Re: Postfix + LDAP + SASL: kein Versand moeglich

Post by Joe User »

Keine direkte Lösung, aber eventuell hilft es trotzdem: http://tom.scholten.nu/weblog/postfix_ldap_howto

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.