On 21/05/10 16:41 +0200, Julien Vehent wrote:
smtptest -a julien -m digest-md5 localhost
S: 535 5.7.8 Error: authentication failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
quit
221 2.0.0 Bye
Connection closed.
----
Both cyrus-sasl and openldap support digest-md5, since I'm using it with
cyrus-imap on the same machine.
Note that the slapd logs confirm that my postfix user is logged in using
digest-md5. However, it seems that he cannot take the user's identity:
----
# tail -n 200 /var/log/slapd.log |grep conn
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 BIND authcid="postfix"
authzid="postfix"
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 BIND dn="cn=postfix
administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5
sasl_ssf=128 ssf=128
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=1 RESULT tag=97 err=0
text=
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=2 RESULT tag=120 err=123
text=not authorized to assume identity
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=2 do_extended: get_ctrls
failed
May 21 16:36:52 samchiel slapd[1431]: conn=86 op=3 UNBIND
May 21 16:36:52 samchiel slapd[1431]: conn=86 fd=17 closed
----
I don't have a lot of familiarity interpreting slapd logs, but seems
to indicate that cn=postfix
administrator,ou=infrastructure,dc=linuxwall,dc=info cannot assume the
identify of 'postfix'.
What level of debugging are you capturing at? I'll try to log one of my
postfix authentications so you can compare.
Below is the test with cyrus-imap and the exact same user:
# imtest -a julien -m digest-md5 localhost
S: A01 OK Success (privacy protection)
Authenticated.
Are you using the same authc identity within your imapd.conf config and
smtpd.conf? If not, is there anything different about how they're
configured in your ldap tree?
Can you provide your /etc/postfix/sasl/smtpd.conf config, and the output of
'grep sasl /etc/imapd.conf' for comparison?
--
Dan White
