Thanks for your help.

Perhaps you misunderstood my idea.
I don't want to use LDAP over SASL authentication.
I want to use Postfix over SASL authentication,
and SASL gets the password database from LDAP (the LDAP information is in the previous message).

Thanks

-----Original Message-----
From: cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of cyrus-sasl-request@xxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, December 11, 2007 1:57 PM
To: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
Subject: Cyrus-sasl Digest, Vol 29, Issue 6

Today's Topics:

   1. SASL over LDAP don't work (NguyenHuynh)
   2. RE: SASL over LDAP don't work (Guus Leeuw jr.)

----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Dec 2007 11:23:53 +0700
From: "NguyenHuynh" <huynhnguyen@xxxxxxxxxx>
Subject: SASL over LDAP don't work
To: <cyrus-sasl@xxxxxxxxxxxxxxxxxxxx>
Message-ID: <20071211042353.53A63B170F@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

SASL over LDAP

I'm trying to use SASL over LDAP for authentication, but it still doesn't work yet.

Details:

OS: FreeBSD

Packages:

cyrus-sasl-2.1.22               RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.22        SASL LDAPDB auxprop plugin
cyrus-sasl-saslauthd-2.1.22     SASL authentication server for cyrus-sasl2
postfix-current-2.5.20071006,4  A secure alternative to widely-used Sendmail

Configure SASL in main.cf for postfix:

........
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks, reject
smtpd_sasl_authenticated_header = yes
........

Configure SASL for authentication:

#vi /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Configure LDAP server's details for SASL-ldapdb:

#vi /usr/local/etc/saslauthd.conf

ldap_servers: ldap://192.168.1.70
ldap_search_base: dc=yescall,dc=com,dc=vn
ldap_bind_dn: cn=admin,dc=yescall,dc=com,dc=vn
ldap_password: 123
ldap_filter: (&(objectClass=qmailUser)(mail=%u)(accountStatus=active))

The details of one node in my LDAP:

dn: cn=huynhnguyen,dc=yescall.com.vn,o=hosting,dc=yescall,dc=com,dc=vn
accountStatus: active
cn: huynhnguyen
homeDirectory: /vmail/hosting/yescall.com.vn/huynhnguyen
mailMessageStore: /vmail/hosting/yescall.com.vn/huynhnguyen/Maildir/
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
objectClass: CourierMailAccount
sn: Nguyen Dac Huynh2
structuralObjectClass: inetOrgPerson
entryUUID: f069f88e-1c17-102c-93d5-25c7f79a19b1
creatorsName: cn=admin,dc=yescall,dc=com,dc=vn
createTimestamp: 20071031161319Z
mailHost: mail.mikorn.com
userPassword:: aWtvcm40MTI4NA==
mail: huynhnguyen@xxxxxxxxxxxxxx
entryCSN: 20071205114520.832948Z#000000#000#000000
modifiersName: cn=admin,dc=yescall,dc=com,dc=vn
modifyTimestamp: 20071205114520Z

Start saslauthd:

#saslauthd -a ldap /usr/local/etc/saslauthd.conf

I always get authentication failures when using testsaslauthd.

My problems:

- Must I have a schema in LDAP for SASL only?
- Is it necessary to change my node in LDAP to another structure which is suitable for SASL?
- How can I use ldap_filter better in this case?

Could anybody help me to solve this problem?

I'm a newbie in OpenSource. I'm not good at English.
Sorry for any problems.

Thank you for your care.

Thanks & Best Regards,

Nguyen Dac Huynh
System Engineer
Mirae Ikorn Co., Ltd

------------------------------

Message: 2
Date: Tue, 11 Dec 2007 06:56:45 -0000
From: "Guus Leeuw jr." <guus.leeuw@xxxxxxxxxxxxxxx>
Subject: RE: SASL over LDAP don't work
To: "'NguyenHuynh'" <huynhnguyen@xxxxxxxxxx>, <cyrus-sasl@xxxxxxxxxxxxxxxxxxxx>
Message-ID: <00d201c83bc2$feeae400$fcc0ac00$@leeuw@guusleeuwit.com>
Content-Type: text/plain; charset="us-ascii"

Y'ello,

First of all, make sure to read the LDAP Admin Guide at www.openldap.org!

Then, make sure to double check with Turbo's KRB + SASL + OpenLDAP Howto at
www.bayour.com. (Forget about the KRB stuff there, he's got some very good
hints at testing the security install etc.)

As a general rule, you don't want LDAP to be your password database, instead
you want LDAP to use SASL to connect to something more useful like Kerberos
or RADIUS or a combination or something else. This is simply because LDAP is
not meant to be a password database, but rather an information store (as in:
the telephone book in your country doesn't list the PIN code for the
people's bank cards...).

If all else fails, you can always post the exact error you are getting,
increase debug levels all over the place, and make sure to cut and paste the
relevant log entries to the mailing list. A query akin to your own query will
not necessarily give any useful hints to other people as to why things would
fail in your particular situation.

Regards,
Guus
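
Added example (not part of the thread and not Cyrus SASL code): a sketch of how the ldap_filter template from the saslauthd.conf above expands for a given login name, with RFC 4515 escaping of the user-supplied value, evaluated against a constructed entry. It handles only the %u, %U, %d and %% tokens as documented for saslauthd's LDAP backend; the mail value and login names are constructed placeholders.

```python
import re

# Filter template from the saslauthd.conf quoted in the thread.
TEMPLATE = "(&(objectClass=qmailUser)(mail=%u)(accountStatus=active))"

# Constructed entry modelled on the posted node; the mail value is a
# placeholder because the real address is redacted in the archive.
ENTRY = {
    "objectclass": ["top", "person", "inetOrgPerson", "qmailUser"],
    "accountstatus": ["active"],
    "cn": ["huynhnguyen"],
    "mail": ["huynhnguyen@example.test"],
}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, login, realm=""):
    """Expand %u (login), %U (local part), %d (domain, else realm) and %%."""
    user, _, domain = login.partition("@")
    tokens = {"u": login, "U": user, "d": domain or realm}
    def repl(m):
        key = m.group(1)
        if key == "%":
            return "%"
        if key not in tokens:
            raise ValueError("unsupported token %" + key)
        return escape_value(tokens[key])
    return re.sub(r"%(.)", repl, template)

def _unescape(text):
    # Turn RFC 4515 two-digit hex escapes back into literal characters.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _value_regex(assertion):
    # An unescaped '*' is a wildcard; everything else matches literally.
    return ".*".join(re.escape(_unescape(p)) for p in assertion.split("*"))

def matches(filter_str, entry):
    """Evaluate an AND of (attr=value) terms against one entry."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", filter_str)
    return bool(terms) and all(
        any(re.fullmatch(_value_regex(val), v, re.IGNORECASE)
            for v in entry.get(attr.lower(), []))
        for attr, val in terms)

def would_find(login):
    return matches(expand_filter(TEMPLATE, login), ENTRY)
```

With mail=%u in the filter, only the full mail address selects the entry; a bare user name needs a filter built on an attribute that holds it, or on %U and %d.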