> Hi guys,
>
>
> Does auth_smtp check the password in LDAP_PASSWD field like auth_pop and
> auth_imap? If not, how does auth_smtp authentication happen?
>
> I'm asking this because QLDAPINSTALL says this field serves just for
> auth_pop and auth_imap authentication.

QLDAPINSTALL
~control/ldappassword
If rcpt verify or auth_smtp is used... you should check qmail-ldap mailing
list history.

-----------------
Since the 20031001 patch, QmailLDAP supports the SMTP authentication protocol (RFC
2554). Use of the 20050401 patch or later is recommended. Only the PLAIN
authentication scheme is supported. The CRAM-MD5 and DIGEST-MD5 authentication
schemes are not implemented. CRAM-MD5 requires features that are not
enabled in qmail-ldap by default. DIGEST-MD5 requires a specific user name
layout (I think).

SMTP authentication is enabled by adding the SMTPAUTH variable to tcpserver's
environment. If you use the daemontools (http://cr.yp.to/daemontools.html)
startup scripts supplied by qmail-ldap 20031101 or later, you can do that
by adding

<pre>
:allow,SMTPAUTH=""
</pre>

to /var/qmail/control/qmail-smtpd.rules and running the command 'make' in
the /var/qmail/control directory.

If you set the SMTPAUTH value to TLSREQUIRED (SMTPAUTH="TLSREQUIRED"), then
authentication will work only in TLS encrypted sessions. See the information
about compiling and installing qmail-ldap with TLS support.

In order to authenticate users, the SMTP server's user (normally qmaild) must
be able to validate the password entered by the user against the information
stored in the LDAP userPassword field. Access to this field is usually
restricted, and the qmaild user does not have enough privileges to access the
LDAP connection information.

There are two possible solutions to this problem.

The first solution is to give read access to the qmaild user or the nofiles
group on the /var/qmail/control/ldappassword configuration file.

<pre>
# chgrp nofiles /var/qmail/control/ldappassword
# chmod 640 /var/qmail/control/ldappassword
</pre>

or

<pre>
# chmod 400 /var/qmail/control/ldappassword
# chown qmaild /var/qmail/control/ldappassword
</pre>

The second solution is to enable ldaprebind in /var/qmail/control/ldaprebind.

<pre>
# echo 1 > /var/qmail/control/ldaprebind
</pre>

If LDAP rebind is used, the qmaild user must be able to retrieve the user's DN
over an anonymous LDAP connection and authenticate to the LDAP server with the
retrieved DN and the password provided by the user. The password scheme used
in the userPassword field must be supported by the LDAP server's
authentication system.


------------------------

Fix grammar and style, recheck URLs and recommended patch dates (tested on
the 20050401 patch; there are some auth issues listed in QLDAPNEWS).

wiki/Auth_smtp is in man page format. Manual pages are usually short and
do not contain detailed configuration guides.

http://www.lifewithqmail.org/ldap/#SMTP%20AUTH
http://www.qmail-ldap.org/wiki/Lwql#SMTP_AUTH
http://www.qmail-ldap.org/wiki/Configuration_FAQ#How_do_I_enable_SMTP-AUTH.3F


-- 
Tomas
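As an added example (not part of the message above or of qmail-ldap itself), the checks the message describes, written as a small audit: it reads the SMTPAUTH setting from the 'allow' line of qmail-smtpd.rules, classifies who can read control/ldappassword (the chmod 640/nofiles and chmod 400/qmaild fixes), and reports when neither that nor ldaprebind would let qmaild verify passwords. File names and the qmaild/nofiles names come from the message; the rules parsing assumes tcprules' `address:allow,VAR="value"` line layout.

```python
import os
import pwd
import grp

def smtpauth_setting(rules_text):
    """Value of SMTPAUTH on an 'allow' line of qmail-smtpd.rules, or None."""
    for line in rules_text.splitlines():
        fields = line.strip().partition(":")[2].split(",")
        if fields[0] != "allow":
            continue
        for item in fields[1:]:
            key, _, value = item.partition("=")
            if key == "SMTPAUTH":
                return value.strip('"')
    return None

def ldappassword_access(mode, owner, group, user="qmaild", grp_name="nofiles"):
    """How the SMTP server user can read control/ldappassword, if at all."""
    if mode & 0o004:
        return "world-readable"
    if owner == user and mode & 0o400:
        return "owner-readable"
    if group == grp_name and mode & 0o040:
        return "group-readable"
    return "unreadable"

def auth_findings(rules_text, mode, owner, group, ldaprebind_text):
    """Apply the rules from the message above; returns a list of problems."""
    setting = smtpauth_setting(rules_text)
    if setting is None:
        return ["SMTPAUTH not set on the allow line: SMTP AUTH is disabled"]
    findings = []
    if setting != "TLSREQUIRED":  # PLAIN is the only mechanism offered
        findings.append('PLAIN allowed outside TLS; set SMTPAUTH="TLSREQUIRED"')
    access = ldappassword_access(mode, owner, group)
    if access == "world-readable":
        findings.append("ldappassword is readable by every local user")
    if access == "unreadable" and ldaprebind_text.strip() != "1":
        findings.append("qmaild cannot read ldappassword and ldaprebind is off")
    return findings

def audit(control_dir="/var/qmail/control"):
    """Run the checks against a live control directory (run as root to read it)."""
    st = os.stat(os.path.join(control_dir, "ldappassword"))
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    rules = open(os.path.join(control_dir, "qmail-smtpd.rules")).read()
    rebind_path = os.path.join(control_dir, "ldaprebind")
    rebind = open(rebind_path).read() if os.path.exists(rebind_path) else ""
    return auth_findings(rules, st.st_mode & 0o777, owner, group, rebind)
```

An empty list from `audit()` means SMTP AUTH is on, restricted to TLS sessions, and qmaild has one of the two documented ways to check passwords.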