On Fri, 21 May 2010 08:41:17 -0500, Dan White <dwhite@xxxxxxx> wrote: > > What username are you logging in with to Postfix? The '-R linuxwall.info' > in your ldapwhoami may not be doing what you expect. > > Try using smtptest (which is part of cyrus imap). like: > > smtptest -a julien -m digest-md5 localhost ---- # smtptest -a julien -m digest-md5 localhost S: 220 samchiel.linuxwall.info ESMTP Postfix (Debian/GNU) C: EHLO example.com S: 250-samchiel.linuxwall.info S: 250-PIPELINING S: 250-SIZE 10240000 S: 250-VRFY S: 250-ETRN S: 250-AUTH LOGIN PLAIN DIGEST-MD5 S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN C: AUTH DIGEST-MD5 S: 334 bm9uY2U9Ijl0VzVVS0hkQkFUYlFuZ2lzb3ZHVStPZXBIcFk2cDh5ZjRoaDRVdk4yT2M9IixyZWFsbT0ibGludXh3YWxsLmluZm8iLHFvcD0iYXV0aCIsY2hhcnN ldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= Please enter your password: C: dXNlcm5hbWU9Imp1bGllbiIscmVhbG09ImxpbnV4d2FsbC5pbmZvIixub25jZT0iOXRXNVVLSGRCQVRiUW5naXNvdkdVK09lcEhwWTZwOHlmNGhoNFV2TjJPYz0iLGN ub25jZT0icUpGY0xUcWNqSVAwZytabFJrTWVCV21NRnRtTDl5ZVE2bDMyRjk3UUFlST0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9I nNtdHAvbG9jYWxob3N0IixyZXNwb25zZT05N2UyNmMzMzFjNWZjNWFlYjQ4Mjc4YjY2YWZhMzZjNw== S: 535 5.7.8 Error: authentication failed: authentication failure Authentication failed. generic failure Security strength factor: 0 quit 221 2.0.0 Bye Connection closed. ---- Both cyrus-sasl and openldap support digest-md5, since I'm using it with cyrus-imap on the same machine. Note that the slapd logs confirm that my postfix user is logged in using digest-md5. However, it seems that he cannot take the user's identity: ---- # tail -n 200 /var/log/slapd.log |grep conn May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 BIND authcid="postfix" authzid="postfix" May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 BIND dn="cn=postfix administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5 sasl_ssf=128 ssf=128 May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 RESULT tag=97 err=0 text= May 21 16:36:52 samchiel slapd[1431]: conn=86 op=2 RESULT tag=120 err=123 text=not authorized to assume identity May 21 16:36:52 samchiel slapd[1431]: conn=86 op=2 do_extended: get_ctrls failed May 21 16:36:52 samchiel slapd[1431]: conn=86 op=3 UNBIND May 21 16:36:52 samchiel slapd[1431]: conn=86 fd=17 closed ---- Below is the test with cyrus-imap and the exact same user: ---- # imtest -a julien -m digest-md5 localhost S: * OK samchiel Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: + bm9uY2U9IkNFenZ5aXJZRHBTOXNSN3lsWXBEZTBKeEtrK1FqMjdoekFiakJhSjdPY289IixyZWFsbT0ic2FtY2hpZWwiLHFvcD0iYXV0aCxhdXRoLWludCxhdXRoL WNvbmYiLGNpcGhlcj0icmM0LTQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz Please enter your password: C: dXNlcm5hbWU9Imp1bGllbiIscmVhbG09InNhbWNoaWVsIixub25jZT0iQ0V6dnlpcllEcFM5c1I3eWxZcERlMEp4S2srUWoyN2h6QWJqQmFKN09jbz0iLGNub25jZT0 iVVNIUkd0YkREeDVWMEszVjErUEROQVBscFBkbnZnQTJwUWg0aEQ4MUZTOD0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxka Wdlc3QtdXJpPSJpbWFwL2xvY2FsaG9zdCIscmVzcG9uc2U9MGY0OWMwZjBhOGJhZmI1NTlkYmY0MTNiMzQzMjcxMGY= S: + cnNwYXV0aD01ZjRlMjBlYjdkMjY5M2IxM2U1NGMwYWUzYmJmZWQ4ZQ== C: S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 128 . logout * BYE LOGOUT received . OK Completed Connection closed. ---- This one is a success... Julien
