> Thanks, HyperAxe. That fixed my immediate problem... Now it actually
> tries to authenticate when I roam... which is exactly what I wanted. :-)
>
> The new problem is with authentication. It rejects whatever
> username/password combo that I put in... I'm guessing that relates to
> my failure to configure my qmail-smtpd/run script correctly.
The Life with qmail-ldap book is outdated. The current version of Qmail-LDAP does not need extra arguments in qmail-smtpd. Check /var/qmail/boot/qmail-smtpd/run. Check the mailing list history; I think information about setting up SMTP AUTH in qmail-ldap has been posted several times.

-----------------

Since the 20031001 patch, QmailLDAP supports the SMTP authentication protocol (RFC 2554). Use of the 20050401 patch or later is recommended.

Only the PLAIN authentication schema is supported. CRAM-MD5 and DIGEST-MD5 authentication schemas are not implemented. CRAM-MD5 requires features that are not enabled in qmail-ldap by default. DIGEST-MD5 requires a specific user name layout (I think).

SMTP authentication is enabled by adding the SMTPAUTH variable to tcpserver's environment. If you use the daemontools (http://cr.yp.to/daemontools.html) startup scripts supplied by qmail-ldap 20031101 or later, you can do that by adding

<pre>
:allow,SMTPAUTH=""
</pre>

to /var/qmail/control/qmail-smtpd.rules and running the command 'make' in the /var/qmail/control directory.

If you set the SMTPAUTH value to TLSREQUIRED (SMTPAUTH="TLSREQUIRED"), then authentication will work only in TLS-encrypted sessions. See the information about compiling and installing qmail-ldap with TLS support.

In order to authenticate users, the SMTP server's user (normally qmaild) must be able to validate the password entered by the user against the information stored in the LDAP userPassword field. Access to this field is usually restricted, and the qmaild user does not have enough privileges to access the LDAP connection information. There are two possible solutions to this problem.

The first solution is to give read access rights to the qmaild user or the nofiles group on the /var/qmail/control/ldappassword configuration file.

<pre>
# chgrp nofiles /var/qmail/control/ldappassword
# chmod 640 /var/qmail/control/ldappassword
</pre>

or

<pre>
# chmod 400 /var/qmail/control/ldappassword
# chown qmaild /var/qmail/control/ldappassword
</pre>

The second solution is to enable ldaprebind in /var/qmail/control/ldaprebind.

<pre>
# echo 1 > /var/qmail/control/ldaprebind
</pre>

If LDAP rebind is used, the qmaild user must be able to retrieve the user's DN in an anonymous LDAP connection and authenticate to the LDAP server with the retrieved DN and the password provided by the user. The password schema used in the userPassword field must be supported by the LDAP server's authentication system.

-- Tomas
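A shell audit of the three settings Tomas describes (SMTPAUTH in qmail-smtpd.rules, the permissions on ldappassword, and the ldaprebind fallback), added here as an example and not code from the post or the qmail-ldap project. It takes the control directory as a parameter so it can run against a constructed copy; the live directory is /var/qmail/control.

```shell
#!/bin/sh
# Audit a qmail-ldap control directory for SMTP AUTH settings.
# Returns 0 when no problem is found, 1 otherwise; findings go to stdout.
audit_qmail_smtpauth() {
    ctl="$1"; rc=0
    rules="$ctl/qmail-smtpd.rules"; pw="$ctl/ldappassword"; rebind="$ctl/ldaprebind"

    # SMTPAUTH must be in the tcpserver rules; since only PLAIN is offered,
    # TLSREQUIRED keeps the cleartext password inside an encrypted session.
    if ! grep -q 'SMTPAUTH=' "$rules" 2>/dev/null; then
        echo "no SMTPAUTH in $rules: SMTP AUTH is disabled"; rc=1
    elif ! grep -q 'SMTPAUTH="TLSREQUIRED"' "$rules"; then
        echo "SMTPAUTH without TLSREQUIRED: PLAIN credentials can cross the wire unencrypted"; rc=1
    fi

    # ldappassword holds the LDAP bind password: qmaild (or group nofiles)
    # needs it, nobody else. Columns 8-10 of ls -l are the "other" bits.
    if [ -f "$pw" ]; then
        others=$(ls -ld "$pw" | cut -c8-10)
        if [ "$others" != "---" ]; then
            echo "$pw is readable by others (other bits: $others)"; rc=1
        fi
    elif [ "$(cat "$rebind" 2>/dev/null)" != "1" ]; then
        echo "no ldappassword and ldaprebind is not 1: qmaild cannot verify passwords"; rc=1
    fi
    return $rc
}

# Constructed sample (not a real host): a weak layout first, then the
# fixes from the post applied. chgrp nofiles is skipped because the group
# does not exist outside a qmail installation.
demo_qmail_smtpauth() {
    tmp=$(mktemp -d); ctl="$tmp/control"; mkdir "$ctl"
    printf ':allow,SMTPAUTH=""\n' > "$ctl/qmail-smtpd.rules"
    printf 'constructed-bind-password\n' > "$ctl/ldappassword"
    chmod 644 "$ctl/ldappassword"
    if audit_qmail_smtpauth "$ctl"; then echo "unexpected: weak layout passed"; fi
    printf ':allow,SMTPAUTH="TLSREQUIRED"\n' > "$ctl/qmail-smtpd.rules"
    chmod 640 "$ctl/ldappassword"
    audit_qmail_smtpauth "$ctl"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_qmail_smtpauth
```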
