Bug 115249 - Unable to authenticate postfix to OpenLDAP
Summary: Unable to authenticate postfix to OpenLDAP
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: postfix   
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact:
Depends On:
Reported: 2004-02-09 16:52 UTC by Rama Subramanian
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-02-24 19:22:50 UTC

Attachments
main.cf file with virtual domain (1.95 KB, text/plain)
2004-02-09 17:14 UTC, Rama Subramanian

Description Rama Subramanian 2004-02-09 16:52:42 UTC
Description of problem:
Unable to authenticate postfix to OpenLDAP

Version-Release number of selected component (if applicable):
Postfix version 2.0.11-4
Openldap-servers - 2.0.27-11

How reproducible:

Tried to send mail and the /var/log/maillog shows the pid killed
 by signal 11.

Comment 1 Rama Subramanian 2004-02-09 17:14:51 UTC
Created attachment 97538
main.cf file with virtual domain

Comment 2 John Dennis 2004-02-11 22:15:49 UTC
I have built a current version of postfix that links against sasl v1,
there is a good chance this will solve your problem, I personally have
not tested it. Please give it a try and let me know what your results are.


Comment 3 Rama Subramanian 2004-02-11 23:14:32 UTC
I have downloaded the rpm and test it. I will let you know whether the problem
still persists.

Comment 4 John Dennis 2004-02-12 23:23:33 UTC
Did this RPM work?

Comment 5 Rama Subramanian 2004-02-13 00:21:05 UTC
The rpm worked fine. I am using only simple authentication not sasl now.
Thanks very much

Comment 6 John Dennis 2004-02-13 21:02:38 UTC
I'm glad this is working for you. But I would like to verify something
to make sure I'm not missing something. Both the synopsis of the bug
and comment #5 make reference to authentication, I hope this is just
loose vocabulary. What authentication are you referring to? If you're
referring to the ldap bind operation we're fine, but if you mean
postfix authentication (e.g. SMTP AUTH) then I need to understand
things better. The reason I ask is because postfix can only to the
best of my knowledge authenticate through the SASL library which
should have been broken by reverting to v1 sasl in the package I gave
you (as long as you have not modified default groups or permissions). 

So when you say simple authentication is working for you, you mean
ldap bind and not SMTP AUTH right?

Comment 7 Rama Subramanian 2004-02-14 14:11:21 UTC
I was referring to ldap simple bind operation. Before the fix I tried
LDAP SASL mechanism, TLS and simple bind operation, I was getting
a segmentation fault error. As soon as I got your fix, I tried simple
bind operation then others and it works fine. 

Comment 8 James Leafey 2004-02-24 18:13:31 UTC
I'm having exactly the same issue (RHEL 3.0, postfix-2.0.11-4).  On an
older system (RH 8.0, postfix-1.1.12-0.8, cyrus-sasl-2.1.10-1) I built
a modified specfile that builds an RPM with both LDAP table support and
SMTP AUTH via sasl.  Is there an expected timeframe for this support
to make it into RHEL 3.0?

Comment 9 John Dennis 2004-02-24 19:22:50 UTC
This problem has been fixed and will appear in RHEL 3 Update 2. In the
mean time if you want you can download the package from here,


If you discover any problems with it I would appreciate knowing ASAP.

Comment 10 James Leafey 2004-02-25 03:57:27 UTC
Preliminary testing of the RPM looks fine, the LDAP lookups now work
exactly as advertised.  I haven't tested the SMTP AUTH via SASL yet,
hope to test tomorrow.  Looks good so far!  

BTW, it's not obvious but you can use the 'postmap' tool to test the
LDAP lookups as well as hash lookups.  The syntax for an LDAP lookup is:

    postmap -q 'foo@bar.com' ldap:ldapmapname

The '-v' switch provides a lot of extra information, which helped in
the debugging process.
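
Building on the postmap tip above, a small wrapper (an added example, not part of the bug thread or the postfix package) that runs `postmap -q` for several keys and separates a hit, a miss, and a lookup process killed by a signal such as the signal 11 in the original report. The `POSTMAP` override and the function names are hypothetical; it relies on `postmap -q` exiting with status zero when the key is found.

```shell
#!/bin/sh
# Added example: classify the outcome of postmap LDAP lookups.
# POSTMAP is a hypothetical override so the check can be pointed at a stub.
POSTMAP="${POSTMAP:-postmap}"

# check_lookup KEY MAP
# Prints "found:<value>", "missing", or "crashed:<signal number>".
check_lookup() {
    key=$1
    map=$2
    # Capture the exit status without tripping "set -e" in a calling script.
    value=$("$POSTMAP" -q "$key" "$map" 2>/dev/null) && status=0 || status=$?
    if [ "$status" -eq 0 ]; then
        echo "found:$value"
    elif [ "$status" -gt 128 ]; then
        # The shell reports death by signal N as exit status 128+N,
        # so a process killed by signal 11 shows up here as 139.
        echo "crashed:$((status - 128))"
    else
        echo "missing"
    fi
}

# check_all MAP KEY...
# Prints one "<key> <result>" line per key; returns 1 if any lookup crashed.
check_all() {
    map=$1
    shift
    rc=0
    for key in "$@"; do
        result=$(check_lookup "$key" "$map")
        echo "$key $result"
        case $result in
            crashed:*) rc=1 ;;
        esac
    done
    return $rc
}

# Typical call, using the map name from the comment above:
#   check_all ldap:ldapmapname 'foo@bar.com'
```

When a key reports `crashed`, rerunning that single lookup by hand with the `-v` switch gives the extra detail mentioned above.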
