Bug 115249 - Unable to authenticate postfix to OpenLDAP
Unable to authenticate postfix to OpenLDAP
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: postfix (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: John Dennis
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-09 11:52 EST by Rama Subramanian
Modified: 2007-11-30 17:07 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-02-24 14:22:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
main.cf file with vitual domain (1.95 KB, text/plain)
2004-02-09 12:14 EST, Rama Subramanian
no flags Details

  None (edit)
Description Rama Subramanian 2004-02-09 11:52:42 EST
Description of problem:
Unable to authenticate postfix to OpenLDAP

Version-Release number of selected component (if applicable):
Postfix version 2.0.11-4
Openldap-servers - 2.0.27-11

How reproducible:
always

Tried to send mail and the /var/log/maillog shows the pid killed
 by signal 11.
Comment 1 Rama Subramanian 2004-02-09 12:14:51 EST
Created attachment 97538 [details]
main.cf file with vitual domain
Comment 2 John Dennis 2004-02-11 17:15:49 EST
I have built a current version of postfix that links against sasl v1,
there is a good chance this will solve your problem, I personally have
not tested it. Please give it a try and let me know what your results are.

ftp://people.redhat.com/jdennis/postfix-2.0.16-7.saslv1.i386.rpm
Comment 3 Rama Subramanian 2004-02-11 18:14:32 EST
I have downloaded the rpm and test it. I will let you whether problem
still persist
Comment 4 John Dennis 2004-02-12 18:23:33 EST
Did this RPM work?
Comment 5 Rama Subramanian 2004-02-12 19:21:05 EST
The rpm worked fine. I am using only simple authentication not sasl now.
Thanks very much
Comment 6 John Dennis 2004-02-13 16:02:38 EST
I'm glad this is working for you. But I would like to verify something
to make sure I'm not missing something. Both the synopsis of the bug
and comment #5 make reference to authentication, I hope this is just
loose vocabulary. What authentication are you refering to? If you're
refering to the ldap bind operation we're fine, but if you mean
postfix authentication (e.g. SMTP AUTH) then I need to understand
things better. The reason I ask is because postfix can only to the
best of my knowledge authenticate through via the SASL library which
should have been broken by reverting to v1 sasl in the package I gave
you (as long as you have not modified default groups or permissions). 

So when you say simple authentication is working for you, you mean
ldap bind and not SMTP AUTH right?
Comment 7 Rama Subramanian 2004-02-14 09:11:21 EST
I was referring to ldap simple bind operation. Before the fix I tried
LDAP SASL mechanism, TLS and simple bind operation, I was getting
segmentation faul error. As soon as I got your fix, I tried simple
bind operation then others and it works fine. 
Comment 8 James Leafey 2004-02-24 13:13:31 EST
I'm having exactly the same issue (RHEL 3.0, postfix-2.0.11-4).  On an
older system (RH 8.0, postfix-1.1.12-0.8, cyrus-sasl-2.1.10-1) I build
a modified specfile that build an RPM with both LDAP table support and
SMTP AUTH via sasl.  Is there an expected timeframe for this support
to make it into RHEL 3.0?
Comment 9 John Dennis 2004-02-24 14:22:50 EST
This problem has been fixed and will appear in RHEL 3 Update 2. In the
mean time if you want you can download the package from here,

ftp://people.redhat.com/jdennis/postfix-2.0.16-12.RHEL3.i386.rpm

If you discover any problems with it I would appreciate knowing ASAP.
Comment 10 James Leafey 2004-02-24 22:57:27 EST
Preliminary testing of the RPM looks fine, the LDAP lookups now work
exactly as advertised.  I haven't tested the AMTP AUTH via SASL yet,
hope to test tomorrow.  Looks good so far!  

BTW, it's not obvious but you can use the 'postmap' tool to test the
LDAP lookups as well as hash lookups.  The syntax for an LDAP lookup is:

    postmap -q 'foo@bar.com' ldap:ldapmapname

The '-v' switch provides a lot of extra information, which helped in
the debugging process.

Note You need to log in before you can comment on or make changes to this bug.