Ldap – Debian Cyrus SASL LDAP Auth fails

Tags: authentication, cyrus, debian-jessie, ldap, postfix

I am in the middle of an emergency server transfer from a server I did not setup to a new piece of hardware. I am running the newest Debian with Postfix and Cyrus. I have copied over the majority of the details from the conf files but I am still not able to get the server to work properly with my LDAP server. I am able to send mail with Postfix, but I cannot check anything else it seems without a working login. My auth log is showing:

May 28 14:48:55 server saslauthd[1101]: Authentication failed for user: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
May 28 14:48:55 server saslauthd[1101]: do_auth         : auth failure: [user=user] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

I am stumped!

saslauthd.conf

ldap_bind_dn: cn=admin,dc=server,dc=host,dc=com
ldap_password: secret
ldap_servers: ldap://ldap.server.host.com
ldap_search_base: dc=server,dc=host,dc=com
ldap_auth_method: fastbind
ldap_filter: uid=%u,ou=People,dc=server,dc=host,dc=com
ldap_tls_cacert_file: /etc/ldap/ssl/server.pem
ldap_tls_cert: /etc/ldap/ssl/server.pem

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no


myhostname = hostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = hostname, mail.hostname, mailer. hostname, hostname, localhost.name, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
local_destination_recipient_limit = 300
local_destination_concurrency_limit = 5
local_recipient_maps =

# SASL Auth Settings
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = 
        permit_mynetworks, 
        permit_sasl_authenticated, 
        reject_unauth_destination, 
        check_sender_access hash:/etc/postfix/sender_access, 
        reject_rbl_client sbl-xbl.spamhaus.org

# TLS Information
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
#smtpd_tls_key_file = /etc/postfix/ssl/postfix.pem
#smtpd_tls_CAfile = /etc/ssl/self/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 104857600

Best Answer

In saslauthd.conf try to update as follows (using anonymous bind):

ldap_servers: ldap://ldap.server.host.com:389
ldap_search_base: ou=People,dc=server,dc=host,dc=com
ldap_filter: (uid=%u)

CentOS 7 further has these two configuration files:

cat /etc/saslauthd.conf

ldap_servers: ldap://5.135.218.160:389
ldap_search_base: ou=People,dc=pb,dc=com
ldap_filter: (&(uid=%u)(zarafaAccount=1))

cat /etc/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

Locations for Debian may differ. Test configuration with

testsaslauthd -u user1 -p mypassword -s smtp

Not sure if the following error message means anything, but I think it should be [service=smtp]:

May 28 14:48:55 server saslauthd[1101]: do_auth : auth failure: [user=user] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
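The answer's change replaces a fastbind DN template with an anonymous bind followed by a search, and those two methods use `ldap_filter` in different ways. The script below is an added example for this thread (not code from the question, the answer, Cyrus SASL or Postfix): it parses the `key: value` format of saslauthd.conf and `/etc/sasl2/smtpd.conf`, expands the `%u`/`%r`/`%s` tokens, and prints the sequence of LDAP operations saslauthd would attempt for a given login under each `ldap_auth_method`, with warnings for mismatched combinations. The two embedded configurations are constructed from the question and the answer; the `custom` method is not modelled.

```python
"""Dry-run of the steps saslauthd's LDAP backend would take for one login.

Added example for this thread; it is not code from the question, the
answer, Cyrus SASL or Postfix. It reads the "key: value" format used by
saslauthd.conf and /etc/sasl2/smtpd.conf and models the documented
difference between the two ldap_auth_method values:

  fastbind  ldap_filter is a DN template; saslauthd binds directly as that
            DN with the password the client supplied (no search, and
            ldap_bind_dn / ldap_password are not used).
  bind      saslauthd first binds as ldap_bind_dn / ldap_password, or
            anonymously when they are unset, searches ldap_search_base with
            ldap_filter, and then binds as the DN the search returned.

Only the %u (user), %r (realm) and %s (service) tokens are expanded; the
sample configurations below are constructed from the thread.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the questioner's saslauthd.conf (fastbind with a DN template).
ORIGINAL_SASLAUTHD_CONF = """\
ldap_bind_dn: cn=admin,dc=server,dc=host,dc=com
ldap_password: secret
ldap_servers: ldap://ldap.server.host.com
ldap_search_base: dc=server,dc=host,dc=com
ldap_auth_method: fastbind
ldap_filter: uid=%u,ou=People,dc=server,dc=host,dc=com
"""

# Constructed sample: the answer's suggestion (anonymous bind + search, default method).
REVISED_SASLAUTHD_CONF = """\
ldap_servers: ldap://ldap.server.host.com:389
ldap_search_base: ou=People,dc=server,dc=host,dc=com
ldap_filter: (uid=%u)
"""

Step = Tuple[str, str, str]  # (operation, target, credential used)


def parse_conf(text: str) -> Dict[str, str]:
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf


def expand(template: str, user: str, realm: str = "", service: str = "") -> str:
    """Substitute %u/%r/%s in one pass so a token inside the username is not re-expanded."""
    tokens = {"u": user, "r": realm, "s": service}
    return re.sub(r"%([urs])", lambda m: tokens[m.group(1)], template)


def plan_auth(conf: Dict[str, str], user: str, service: str = "imap") -> Dict[str, object]:
    """Return the LDAP operations saslauthd would issue plus configuration warnings."""
    method = conf.get("ldap_auth_method", "bind")  # "bind" is the documented default
    filt = conf.get("ldap_filter", "")
    warnings: List[str] = []
    steps: List[Step] = []

    if method == "fastbind":
        if filt.startswith("("):
            warnings.append("fastbind needs a DN template in ldap_filter, not a search filter")
        if "ldap_bind_dn" in conf or "ldap_password" in conf:
            warnings.append("ldap_bind_dn/ldap_password are ignored by fastbind; drop them")
        steps.append(("bind", expand(filt, user, service=service), "<client password>"))
    elif method == "bind":
        if not filt.startswith("("):
            warnings.append("bind method needs an LDAP search filter such as (uid=%u)")
        bind_dn = conf.get("ldap_bind_dn", "")
        steps.append(("bind", bind_dn or "<anonymous>", "ldap_password" if bind_dn else ""))
        steps.append(("search", conf.get("ldap_search_base", ""), expand(filt, user, service=service)))
        steps.append(("bind", "<DN returned by search>", "<client password>"))
    else:
        warnings.append(f"ldap_auth_method {method!r} is not modelled here (custom is not covered)")

    return {"method": method, "steps": steps, "warnings": warnings}


def check_smtpd_conf(conf: Dict[str, str]) -> List[str]:
    """saslauthd only verifies plaintext passwords, so only PLAIN/LOGIN can use it."""
    warnings: List[str] = []
    if conf.get("pwcheck_method") == "saslauthd":
        bad = [m for m in conf.get("mech_list", "").split() if m.lower() not in ("plain", "login")]
        if bad:
            warnings.append(f"mech_list entries {bad} cannot be verified by saslauthd")
    return warnings


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_SASLAUTHD_CONF), ("revised", REVISED_SASLAUTHD_CONF)):
        plan = plan_auth(parse_conf(text), "user")
        print(f"{label}: method={plan['method']}")
        for step in plan["steps"]:
            print("  ", step)
        for w in plan["warnings"]:
            print("   warning:", w)
```

For the questioner's file the only operation is a bind as `uid=user,ou=People,dc=server,dc=host,dc=com` with the client's password, which is the bind the `(-7)` log line reports as failed, so the DN template and the password are what `testsaslauthd` should be used to verify first; for the answer's file the plan is an anonymous bind, a search for `(uid=user)` under `ou=People,...`, and a bind as the returned DN. The `check_smtpd_conf` pass flags any mechanism other than `plain`/`login` when `pwcheck_method` is `saslauthd`, and because those mechanisms send the password in clear, the `smtpd_tls_auth_only = yes` already present in the question's main.cf is what keeps it off the wire; saslauthd.conf should likewise stay readable by root only whenever it carries `ldap_password`.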