SMTP Authentication for users from LDAP?


SMTP Authentication for users from LDAP?

Mala Dibbs
Hi

I'm trying to set up openLDAP, postfix and dovecot as a mailserver for users
stored in the LDAP directory. I followed the following tutorials:

https://help.ubuntu.com/community/Postfix
https://help.ubuntu.com/community/PostfixDovecotSASL
https://help.ubuntu.com/community/Postfix/DovecotLDAP

Now I'm trying to authenticate with a user from the LDAP on smtp. But AUTH
PLAIN {base64:\[hidden email]\000password} returns an error (535
authorization failed).

 > postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 524288000
mailbox_transport = dovecot
mydestination = peter.com, peter.intranet.lan, localhost
myhostname = peter.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_senders.cf
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual
ldap:/etc/postfix/ldap_virtual_users.cf
virtual_transport = dovecot

 > ldap_virtual_users.cf
server_host = ldap://localhost
search_base = ou=people,dc=peter,dc=com
bind = no
query_filter = (&(objectclass=posixAccount)(|(mail=%s)))
result_attribute = mail
domain = peter.com

 > ldap_senders.cf
server_host = ldap://localhost
search_base = ou=people,dc=peter,dc=com
bind = no
query_filter = (&(objectclass=posixAccount)(|(mail=%s)))
result_attribute = uid
domain = peter.com

The LDAP users and groups are not mapped to the system accounts (so e.g. ssh
login is not possible with an LDAP user, because that's how I want it).
Does anyone see the problem right away? How can I narrow down the problem?

postmap ldap_senders yields the uid (e.g. p-hans) to a certain mail address
([hidden email]).

The LDAP users' Mailboxes are stored in /home/vmail/%uid/Maildir. Is it a problem
if this directory/Maildir does not exist and this user wants to send an Email?
Where can I configure postfix to use /home/vmail as homebase for user-dirs
instead of /home?

And just to get this straight: Postfix can be used by people to send mail to the
internet (e.g. *to* an AOL account) but it is also responsible to place mail
from the internet (e.g. *from* an AOL account) into the right directory on the
local filesystem. Is this correct?


Regards, Mala
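Added example, not from the thread: one thing worth checking before digging into Postfix or Dovecot is the AUTH PLAIN string itself. RFC 4616 defines the initial response as [authzid] NUL authcid NUL passwd, so a correctly encoded credential begins with a NUL byte (empty authorization identity); a hand-built string without it decodes to two fields instead of three and the server rejects it with a 535. The login name and password below are constructed samples.

```python
# Added example (not from the thread): build and inspect the base64 initial
# response of SMTP "AUTH PLAIN" (RFC 4616: [authzid] NUL authcid NUL passwd),
# since a hand-encoded string that drops the leading NUL is a common cause of
# a 535 reply. The sample credentials are constructed.
import base64

def sasl_plain_initial_response(authcid: str, password: str, authzid: str = "") -> str:
    """Encode the three NUL-separated fields; the leading field (authzid) is
    normally empty, so the encoded bytes start with a NUL byte."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside a SASL PLAIN field")
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode("ascii")

def inspect_plain_response(b64: str) -> dict:
    """Decode what a client sent and report whether it has the two NUL
    separators the server expects. Never returns the password itself."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"ok": False, "reason": "not valid base64"}
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return {"ok": False,
                "reason": f"expected 3 NUL-separated fields, got {len(parts)}"}
    authzid, authcid, password = (p.decode("utf-8", "replace") for p in parts)
    return {"ok": True, "authzid": authzid, "authcid": authcid,
            "password_len": len(password)}

# Constructed sample of the mistake: user and password separated by one NUL,
# with no leading NUL for the (empty) authorization identity.
MISSING_LEADING_NUL = base64.b64encode(b"p-hans@peter.com\0secret").decode("ascii")

if __name__ == "__main__":
    good = sasl_plain_initial_response("p-hans@peter.com", "secret")
    print(good, inspect_plain_response(good))
    print(MISSING_LEADING_NUL, inspect_plain_response(MISSING_LEADING_NUL))
```

The authcid must be whatever Dovecot's LDAP lookup expects as the login name (here the mail address is assumed); if the encoding checks out, the next place to look is the Dovecot auth log.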


Re: SMTP Authentication for users from LDAP?

Zhang Huangbin

On Sep 29, 2009, at 3:55 AM, Mala Dibbs wrote:
>
> > ldap_virtual_users.cf
> query_filter = (&(objectclass=posixAccount)(|(mail=%s)))
>
> > ldap_senders.cf
> query_filter = (&(objectclass=posixAccount)(|(mail=%s)))

I think the LDAP filter here should be '(&(objectclass=posixAccount)(mail=%s))'.

>
> The ldap users Mailboxes are stored in /home/vmail/%uid/Maildir. Is  
> it a problem if this directory/Maildir does not exist and this user  
> wants to send an Email.

Dovecot LDA (deliver) can create maildirs for new users automatically.

> Where can I configure postfix to use /home/vmail as homebase for  
> user-dirs instead of /home?

You can set 'virtual_mailbox_base' in postfix main.cf.

PS: if you are not familiar with postfix+dovecot, you can try the iRedMail
open source mail server solution:
http://code.google.com/p/iredmail/

Set up a full-featured mail server in less than 2 minutes.

--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
   CentOS, Debian, Ubuntu: http://www.iredmail.org/
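Added example, not from either poster: a small filter parser that shows why the two query_filter variants discussed above behave the same (the (|(mail=%s)) form is an OR with a single operand), together with the RFC 4515 quoting that Postfix applies to the %s key before substituting it (ldap_table(5) documents that quoting; it is reproduced here so the effect can be seen offline). The mail addresses used are constructed.

```python
# Added example (not from the thread): RFC 4515 quoting of the "%s" lookup key
# that Postfix substitutes into query_filter, plus a small filter parser showing
# that the thread's (|(mail=%s)) is structurally equal to (mail=%s).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Hex-escape the characters that would change a filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_query_filter(template: str, lookup_key: str) -> str:
    """Substitute the lookup key (a mail address here) into a query_filter."""
    return template.replace("%s", escape_filter_value(lookup_key))

def parse_filter(text: str):
    """Parse a filter into ('&'|'|', [kids]) or ('=', attr, value) tuples."""
    pos = 0
    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError(f"expected '(' at {pos}")
        pos += 1
        op = text[pos] if pos < len(text) else ""
        if op in ("&", "|"):
            pos += 1
            kids = []
            while pos < len(text) and text[pos] == "(":
                kids.append(node())
            result = (op, kids)
        else:
            end = text.find(")", pos)
            if end < 0 or "=" not in text[pos:end]:
                raise ValueError(f"bad simple filter at {pos}")
            attr, value = text[pos:end].split("=", 1)
            result, pos = ("=", attr, value), end
        if pos >= len(text) or text[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        pos += 1
        return result
    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after the filter")
    return tree

def simplify(tree):
    """Collapse single-operand & / | so equivalent filters compare equal."""
    if tree[0] in ("&", "|"):
        kids = [simplify(k) for k in tree[1]]
        return kids[0] if len(kids) == 1 else (tree[0], kids)
    return tree
```

Running a lookup key containing ")" or "*" through render_query_filter shows that the quoted value stays inside its own (mail=...) node, which is the property that keeps a map lookup from changing the shape of the directory query.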


Re: SMTP Authentication for users from LDAP?

Jose Alberto Pertuz
In reply to this post by Mala Dibbs
Check the PAM modules

/etc/pam.d/
    common-session
    common-auth
    common-password
    common-account


2009/9/28 Mala Dibbs <[hidden email]>:



--
Jose Alberto Pertuz
GNU-Linux user #452473
Caracas,Venezuela
58+414+1279657