Buchan Milne wrote:

I don't have much time to look at all of this, so if you can get
something together it would help. Something like that can be added quite
easily late in the dev cycle, but we can't wait much longer to switch to
openldap-2.1.x and dumping sasl2, so I will spend what time I have on
getting postfix to auth to openldap via sasl2 ... until it works.


Buchan,


Just wanted to let you know I believe I'm making progress with the postfix, saslauthd, pam, openldap stuff.

I spent all day yesterday tracking down auth errors, rebuilding and installing rpms, and as of this morning actually have postfix auth'ing against saslauthd using pam for system users. I wanted to take everything one step at a time, and figured that postfix -> saslauthd was the best place to start. (Although installed, I don't have the openldap, pam_ldap stuff configured yet.)

The problem is, now I need to be able to reproduce. As I was trying to isolate issues as I encountered them, I didn't write anything down :'( ... I won't have much time to work on this until the end of next week (will be out of town) but wanted to provide you with as much help/hints as I can. My goal is to do another rebuild (starting with base mdk91), and document what needs to happen to bring all the pieces together (step-by-step).

(As I recall) I started with db41, then rebuilt your openldap srpm, and installed. Then I had to install openssl 0.9.7b, and all the other deps required to rebuild postfix. After rebuilding postfix, configured and Hmmm, it's working. (Geez, sounds so simple when I put it like that, but it wasn't...)

  Note: I needed to take postfix out of chroot (master.cf):
   smtp    inet    n       -       n       -       -       smtpd

I saw where there were some work-arounds for this but they weren't pretty, and had issues of their own.

My next step is to configure openldap, get that into pam, so saslauthd will use. If all goes well there, postfix, cyrus-imap (and others?) should be able to authenticate system & ldap users (with no difference). I think we are getting very close!

  The rpms I currently have installed (mdk9.1 based) include:
# rpm -qa '*postfix*'
postfix-2.0.12-3mdk

# rpm -qa '*sasl*'
libsasl2-plug-login-2.1.13-2mdk
libsasl2-2.1.13-2mdk
libsasl2-devel-2.1.13-2mdk
libsasl2-plug-plain-2.1.13-2mdk
cyrus-sasl-2.1.12-1mdk
libsasl7-1.5.28-5mdk

# rpm -qa '*ldap*'
nss_ldap-204-1.1mdk
openldap-servers-2.1.22-1mdk
openldap-2.1.22-1mdk
openldap-clients-2.1.22-1mdk
libldap2-devel-2.1.22-1mdk
php-ldap-4.3.0-3mdk
libldap2-2.1.22-1mdk
openldap-migration-2.1.22-1mdk

# rpm -qa '*ssl*'
libopenssl0.9.7-devel-0.9.7b-2mdk
libopenssl0-0.9.6i-1.1mdk
openssl-0.9.7b-2mdk
libopenssl0.9.7-0.9.7b-2mdk

Hope all this helps! - I'm just excited to finally be able to auth with postfix. (Trying to walk before I run.)

Scott
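
An added example, not part of the original message: a small check that lists which master.cf entries still run smtpd chrooted, which helps when repeating the change described above on a fresh install. The sample file contents other than the quoted smtp line, and the function names, are constructed for illustration; the "-" default of chrooted applies to Postfix before 3.0 (3.0 changed the documented default to n).

```python
# Constructed sample in master.cf layout. The "smtp" line is the one quoted
# in the message (chroot column "n"); the other entries are made up.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       y       60      1       pickup
"""


def logical_lines(text):
    """Drop blanks/comments and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def chrooted_services(text, command="smtpd", default_chroot=True):
    """Return [(service, type)] for entries that run `command` in a chroot.

    default_chroot is the meaning of "-" in the chroot column: True matches
    Postfix before 3.0 (assumption for the 2.0.12 build in the message).
    """
    hits = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed entry: fewer than the eight required columns
        service, stype, chroot, cmd = fields[0], fields[1], fields[4], fields[7]
        jailed = default_chroot if chroot == "-" else chroot == "y"
        if cmd == command and jailed:
            hits.append((service, stype))
    return hits


if __name__ == "__main__":
    for service, stype in chrooted_services(SAMPLE_MASTER_CF):
        print(f"{service}/{stype}: smtpd is chrooted")
```

Read the real file with `open("/etc/postfix/master.cf").read()` in place of the sample; that path is the usual location and is an assumption here.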




