[Postfixbuch-users] Postfix + LDAP + SASL will nicht ...
Torben
toha0002 at stud.fh-kl.de
Mo Dez 29 19:58:20 CET 2008
Hallo zusammen,
ich versuche seit Tagen, Postfix, LDAP und SASL unter einen Hut zu
bringen. Leider funktioniert es bis jetzt noch gar nicht. Vielleicht
kann mich jemand mit Tipps unterstuetzen.
--- /etc/postfix/main.cf ---
# /etc/postfix/main.cf as posted. Several logical lines (smtpd_recipient_restrictions,
# mydestination and the *_query_filter values) appear to have been wrapped by the
# mail client; in the real file a continuation line must start with whitespace,
# otherwise Postfix reads the second half as a new parameter.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS material. The private key is stored decrypted (unavoidable for an
# unattended daemon), so it should be readable by root only.
smtpd_tls_cert_file = /etc/ssl-cacert/mail/mail.crt
smtpd_tls_key_file = /etc/ssl-cacert/mail/mail.key.decrypted
smtp_tls_CAfile = /etc/ssl-cacert/mail/cacert.crt
# TLS is offered but not required, so PLAIN/LOGIN credentials can still be sent
# over an unencrypted session; smtpd_tls_auth_only = yes would advertise AUTH
# only after STARTTLS.
smtpd_use_tls=yes
# "smtpd" is the application name Cyrus SASL uses to locate its own config file.
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# Relay control: only the last entry rejects anything. Postfix documents
# check_relay_domains as deprecated in favour of reject_unauth_destination,
# which is the restriction that keeps this host from relaying for strangers.
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, check_relay_domains
myhostname = mydomain.tld
myorigin = /etc/mailname
relayhost =
mydomain = $myhostname
relay_domains = $mydomain
# Only loopback is trusted; every other client has to authenticate.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Virtual delivery: the mailbox path comes from the directory (mailMessageStore)
# and is taken relative to "/", i.e. as an absolute path, so whoever can write
# that attribute decides where mail for uid/gid 5000 is written.
local_transport = virtual
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapvirtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 500
virtual_mailbox_limit = 0
# LDAP table "ldapvirtual", defined inline in main.cf. ldap_table(5) describes
# this inline form as deprecated, not least because main.cf is normally
# world-readable; the bind credentials belong in a separate file with restricted
# permissions, referenced as ldap:/path/to/table.cf.
# NOTE(review): bind_pw is sent verbatim in the simple bind, so it has to be the
# clear-text secret. An "{SSHA}..." string here (the hashed form used for rootpw
# in slapd.conf) makes every lookup fail with invalidCredentials (err=49).
ldapvirtual_server_host = localhost
ldapvirtual_server_port = 389
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=admin,dc=mydomain,dc=tld
ldapvirtual_bind_pw = {SSHA}<password>
ldapvirtual_search_base = ou=user,dc=mydomain,dc=tld
# %s is the address being looked up. Attribute names in LDAP filters are
# case-insensitive, so AccountStatus and accountStatus refer to the same attribute.
ldapvirtual_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|
(AccountStatus=active)(accountStatus=shared)))
ldapvirtual_result_attribute = mailMessageStore
mydestination = $myhostname, localhost.$mydomain,
localhost.localdomain, ldap:acceptdomains
# Table "acceptdomains" feeds mydestination and reuses the admin credentials
# above (cn=admin is the slapd rootdn, so these lookups are not subject to the
# directory ACLs).
acceptdomains_server_host = $ldapvirtual_server_host
acceptdomains_server_port = $ldapvirtual_server_port
acceptdomains_bind = $ldapvirtual_bind
acceptdomains_bind_dn = $ldapvirtual_bind_dn
acceptdomains_bind_pw = $ldapvirtual_bind_pw
acceptdomains_search_base = $ldapvirtual_search_base
# NOTE(review): this filter contains no %s, so the search does not depend on the
# domain being looked up; presumably any key for which at least one entry with
# an associatedDomain exists is then treated as a local domain. Probably
# (associatedDomain=%s) was intended — verify with "postmap -q".
acceptdomains_query_filter = (associatedDomain=*)
acceptdomains_result_attribute = associatedDomain
# virtual_maps is the pre-2.0 name for virtual_alias_maps; same credentials and
# search base as the mailbox table, returning the canonical "mail" address.
virtual_maps = ldap:ldapalias
ldapalias_server_host = $ldapvirtual_server_host
ldapalias_server_port = $ldapvirtual_server_port
ldapalias_bind = $ldapvirtual_bind
ldapalias_bind_dn = $ldapvirtual_bind_dn
ldapalias_bind_pw = $ldapvirtual_bind_pw
ldapalias_search_base = $ldapvirtual_search_base
ldapalias_query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(|
(AccountStatus=active)(AccountStatus=shared)))
ldapalias_result_attribute = mail
--- /etc/postfix/master.cf ---
# /etc/postfix/master.cf as posted. Columns are:
# service type private unpriv chroot wakeup maxproc command (+ arguments).
# The "-o ..." and "flags=..." lines are continuations of the service line above
# them and must be indented in the real file; the mail client appears to have
# stripped the leading whitespace.
# chroot column is "n": smtpd runs unchrooted. The saslauthd socket is placed
# under the Postfix queue directory anyway (see -m in /etc/default/saslauthd),
# which works for both chrooted and unchrooted smtpd.
smtp inet n - n - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# The relay transport clears smtp_fallback_relay via the -o continuation line.
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# The pipe-based delivery agents below run as the named unprivileged users
# (vmail, uucp, ftn, bsmtp, scalemail, list). None of them is referenced from
# the posted main.cf (local_transport = virtual), so they look like
# distribution defaults rather than part of this setup.
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f
$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
--- /etc/postfix/sasl/smtpd.conf ---
pwcheck_method: saslauthdb
--- /etc/saslauthd.conf ---
# /etc/saslauthd.conf — LDAP backend settings for saslauthd. This file carries a
# clear-text bind password, so it should be owned by root and not group/world
# readable.
ldap_servers: ldap://127.0.0.1:389
# Same DN as the slapd rootdn, i.e. the authentication daemon holds
# directory-admin credentials; a dedicated read-only bind DN would limit the
# damage of a leaked password.
ldap_bind_dn: cn=admin,dc=mydomain,dc=tld
# NOTE(review): the posted syslog shows this cn=admin simple bind (method=128)
# answered with err=49 (invalidCredentials) and nothing after it, so the first
# thing to check is that this value is the clear-text secret that the rootpw
# {SSHA} hash in slapd.conf was generated from — not the hash string itself.
ldap_password: <cleartextpassword>
ldap_search_base: ou=user,dc=mydomain,dc=tld
# %u is the login name. With "-r" on the saslauthd command line the realm is
# appended to it when a client supplies one, which this filter does not handle.
ldap_filter: uid=%u
# NOTE(review): ldap_password_attr is only consulted with ldap_auth_method:
# custom; in the default (bind) mode saslauthd re-binds as the user's own DN
# instead. Unclear which mode is intended here — TODO confirm.
ldap_password_attr: userPassword
--- /etc/default/saslauthd ---
# /etc/default/saslauthd — sourced by the init script (shell syntax).
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
# "ldap" selects the LDAP backend; its behaviour comes from the -O file below.
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
# -c caches verified credentials, -m puts the mux socket under the Postfix queue
# directory (reachable from a chrooted smtpd), -O names the backend config file,
# -r combines realm and login name (user@realm) before the lookup. The value
# appears to be a single line that the mail client wrapped after "/etc/".
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -O /etc/
saslauthd.conf -r"
--- /etc/ldap/slapd.conf ---
# /etc/ldap/slapd.conf as posted.
# NOTE(review): "allow bind_v2" accepts LDAPv2 binds; nothing in the other posted
# files needs v2, so it can presumably be removed.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
# qmail.schema presumably supplies the qmailUser object class and the
# mailMessageStore / mailAlternateAddress / accountStatus attributes that the
# Postfix query filters rely on.
include /etc/ldap/schema/qmail.schema
pidfile /var/run/slapd/slapd.pid
# 256 = stats (connections, operations, results) — the level the posted syslog
# lines come from.
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
database hdb
suffix "dc=mydomain,dc=tld"
# rootdn bypasses the ACLs below. It is also the bind DN configured in Postfix
# and saslauthd, so both services run with directory-admin rights; a dedicated
# read-only bind DN would reduce what a leaked password gives away.
rootdn "cn=admin,dc=mydomain,dc=tld"
# Stored hashed, as it should be (slappasswd generates this form). The services
# that bind as rootdn must present the clear-text secret, not this string.
rootpw {SSHA}<password>
# sasl-regexp only applies to SASL binds made to slapd itself. The bind in the
# posted syslog is a simple bind (method=128), so these mappings are not
# involved in that failure. Each mapping spans the following three lines.
sasl-regexp
uid=(.*),cn=DIGEST-MD5,cn=auth
ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)
(objectclass=person))
sasl-regexp
uid=(.*),cn=PLAIN,cn=auth
ldap:///ou=user,dc=mydomain,dc=tld??sub?(&(uid=$1)
(objectclass=person))
directory "/var/lib/ldap/test"
dbconfig set_cachesize 0 2097152 1
dbconfig set_lg_bsize 2097152
# "index default" only sets the index type for the index lines that follow it;
# uid, mail, mailAlternateAddress and associatedDomain — the attributes the
# Postfix and saslauthd filters search on — are not indexed here. Results are
# unaffected, slapd will typically just log that the attribute is not indexed.
index default pres,eq
index objectClass eq
lastmod on
# userPassword: the entry may change its own password; everyone else can only
# use the attribute for authentication, nobody can read the values back.
access to attrs=userPassword
by self write
by * auth
# Everything else — addresses, mailbox paths, login names — is readable
# anonymously. The posted syslog shows slapd accepting on IP=0.0.0.0:389, i.e.
# on all interfaces, so unless a firewall limits it this data is exposed to the
# network; "by users read" would at least require a bind first.
access to *
by * read
--- user.ldif ---
# user.ldif as posted. The list archive rewrote "@" as " at " in the mail
# attributes (as it did in the sender address above); the real LDIF carries
# john@mydomain.tld and jdoe@example.com.
dn: cn=John Doe, ou=user, dc=mydomain, dc=tld
# NOTE(review): the password is added in clear text. Without a hashing overlay
# slapd stores userPassword exactly as given, so the value sits unhashed in the
# database files; supplying an {SSHA} hash (slappasswd) instead avoids that.
# The slapd ACL only stops clients from reading it back over LDAP.
userPassword: test
givenName: John
sn: Doe
# Absolute Maildir path consumed by Postfix virtual delivery
# (virtual_mailbox_base = /, delivered as uid/gid 5000).
mailMessageStore: /home/vmail/mydomain.tld/john/Maildir/
mail: john at mydomain.tld
mailAlternateAddress: jdoe at example.com
# "ou: Doe" is just an attribute value; the entry itself lives under ou=user.
ou: Doe
# Login name matched by saslauthd's ldap_filter (uid=%u) and the sasl-regexp
# mappings in slapd.conf.
uid: jdoe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
# From qmail.schema; presumably provides mailMessageStore, mailAlternateAddress
# and accountStatus.
objectClass: qmailUser
# Satisfies the (accountStatus=active) branch of the Postfix query filters.
accountStatus: active
cn: John Doe
So, dies sind erstmal (hoffentlich) alle Config-Files, die relevant sein
koennten. Ein testsaslauthd bringt:
root at linux:~# testsaslauthd -u jdoe -p test -s smtp
0: NO "authentication failed"
In der /var/log/syslog steht daraufhin:
Dec 29 19:53:13 h1045679 slapd[1792]: conn=6 op=1 UNBIND
Dec 29 19:53:13 h1045679 slapd[1792]: conn=6 fd=14 closed
Dec 29 19:53:13 h1045679 slapd[1792]: conn=12 fd=14 ACCEPT from
IP=127.0.0.1:58231 (IP=0.0.0.0:389)
Dec 29 19:53:13 h1045679 slapd[1792]: conn=12 op=0 BIND
dn="cn=admin,dc=mydomain,dc=tld" method=128
Dec 29 19:53:13 h1045679 slapd[1792]: conn=12 op=0 RESULT tag=97
err=49 text= # <--- bis hier hin, und nicht
weiter
Hat jemand eine Idee, was falsch sein koennte? Ich seh mittlerweile
den Wald vor lauter Baeumen nicht mehr. :-(
Gruesse, Torben