While upgrading from RHEL4 to RHEL5, SASL support within postfix broke. After lots of hair pulling, the problem was reduced down to the /etc/sasl2/smtpd.conf file, and the ldap_group_dn setting. Previously, this setting referred to a group that the user needed to be a member of before being allowed access, and this worked in RHEL4. In RHEL5, the presence of this setting causes the following error:

Apr 16 19:11:35 162242-app1 saslauthd[20637]: Authentication failed for minfrin@example.com: Group member check failed (-4)
Apr 16 19:11:35 162242-app1 saslauthd[20637]: do_auth : auth failure: [user=minfrin] [service=smtpd] [realm=] [mech=ldap] [reason=Unknown]

Removing the ldap_group_dn setting allows anybody with a valid password to come in.
Was the LDAP server upgraded as well? I don't see any change in cyrus-sasl related to the ldap group matching code between RHEL-4 and 5. What if you add 'ldap_group_match_method: filter' setting to the config file?
Reporter, could you please reply to the previous question?