Re: SASL-AUTH and/or Kerberos in ldap_table

Mon, 27 Sep 2010 14:09:37 -0700 

* Christian Rößner <c...@roessner-network-solutions.com>:
> It works!

Probably OT for this list and better suited for the developers list, but does
it still work without any errors? Having EXTERNAL available in LDAP queries
would be quite nice - you get TLS, authentication and authorization at once.

Could this become part of Postfix if it works? I'd volunteer to add some
documentation to SASL_README if that is the right place besides ldap_table(5).

p...@rick



> 
> The ldap_table SASL patch works for me on postfix-2.8-20100913
> 
> Sep 15 18:57:58 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
> Sep 15 18:57:58 db slapd[1355]: ==>slap_sasl2dn: converting SASL name 
> cn=mx0.roessner-net.de to a DN
> Sep 15 18:57:58 db slapd[1355]: slap_parseURI: parsing 
> cn=proxyuser,dc=roessner-net,dc=de
> Sep 15 18:57:58 db slapd[1355]: >>> dnNormalize: 
> <cn=proxyuser,dc=roessner-net,dc=de>
> Sep 15 18:57:58 db slapd[1355]: <<< dnNormalize: 
> <cn=proxyuser,dc=roessner-net,dc=de>
> Sep 15 18:57:58 db slapd[1355]: <==slap_sasl2dn: Converted SASL name to 
> cn=proxyuser,dc=roessner-net,dc=de
> Sep 15 18:57:58 db slapd[1355]: slap_sasl_getdn: dn:id converted to 
> cn=proxyuser,dc=roessner-net,dc=de
> Sep 15 18:57:58 db slapd[1355]: conn=3057 op=1 BIND 
> authcid="cn=mx0.roessner-net.de" authzid="cn=mx0.roessner-net.de"
> Sep 15 18:57:58 db slapd[1355]: SASL Authorize [conn=3057]:  proxy 
> authorization allowed authzDN=""
> Sep 15 18:57:58 db slapd[1355]: send_ldap_sasl: err=0 len=-1
> Sep 15 18:57:58 db slapd[1355]: conn=3057 op=1 BIND 
> dn="cn=proxyuser,dc=roessner-net,dc=de" mech=EXTERNAL sasl_ssf=0 ssf=128
> Sep 15 18:57:58 db slapd[1355]: do_bind: SASL/EXTERNAL bind: 
> dn="cn=proxyuser,dc=roessner-net,dc=de" sasl_ssf=0
> 
> I have to check, if I did a mistake with the patch itself, causing the man 
> page errors, or if the patch needs little tweaks :) But at least the 
> functionality is working. I am so happy! :)
> 
> Christian



-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

Attachment: signature.asc
Description: Digital signature

Reply via email to