Doug Campbell wrote:
After much additional testing I think I have solved the SASL related problems.
The second issue must be due to a change from 2.2 to 2.3 of OpenLDAP (I think). Basically, the credentials for uidNumber and gidNumber were being passed in the opposite order in 2.3 from what they were in 2.2. So I just changed my authz-regexp statement to:
Yes, this changed between 2.2 and 2.3. It was always wrong in 2.1-2.2;
the rules for constructing multi-valued RDNs state that the attributes
should be sorted in alphabetical order. We never released the fix in
2.2, to avoid breaking compatibility within the 2.2.x stream.
authz-regexp gidNumber=(.*)\\+uidNumber=(.*),cn=peercred,cn=external,cn=auth
ldap:///dc=securemail,dc=swro,dc=local??sub?(&(uidNumber=$2)(gidNumber=$1))
These changes allowed me to successfully SMTP AUTH to the postfix server BUT I am still having the issue with cyrus-imapd.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
