[FUG-BR] postfix+ldap authentication
Jose Raimundo da S. Barbosa
jose.barbosa at cpaa.embrapa.br
Tue Aug 26 10:01:50 BRT 2008
Hello colleagues, I am having a problem integrating Postfix+LDAP. I have
tried several solutions (only slight variations of one another) and I
cannot get authentication to work over IMAP (for now that is the only
thing I am working on). I am sending my configuration files and my
log... any help is welcome...
Postfix (note the alias_maps setting)
-------
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = mensageiro.cpaa.embrapa.br
mydomain = cpaa.embrapa.br
myorigin = $mydomain
inet_interfaces = all
mydestination = mensageiro.cpaa.embrapa.br, localhost, $myhostname,
$mydomain, mailhost.$mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 127.0.0.0/8 200.202.130.0/24 mensageiro.cpaa.embrapa.br
relay_domains = $mydestination
alias_maps = ldap:/usr/local/etc/postfix/ldap-aliases.cf
alias_database = hash:/etc/mail/aliases
recipient_delimiter = +
home_mailbox = Maildir/
mail_spool_directory = /var/mail
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
mailbox_size_limit = 0
message_size_limit = 15000000
#receiving restrictions
smtpd_recipient_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
hash:/usr/local/etc/postfix/recipient-lists_map,
#check_recipient_acess
regexp:/usr/local/etc/postfix/ip-access,
check_sender_access hash:/usr/local/etc/postfix/ip-access,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client multihop.dsabl.org,
reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client psbl.surriel.com,
permit
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_unauth_pipelining,
check_sender_access
regexp:/usr/local/etc/postfix/sender-proibidos
smtpd_helo_restrictions = reject_invalid_hostname, reject_rbl_client,
permit_mynetworks
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_limit = 1000
#Conf Amavis
#content_filter=smtp-amavis:[localhost]:10024
#Conf Maildrop
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
ldap-aliases.cf
---------------
server_host = ldap://mensageiro.cpaa.embrapa.br,
ldap://ariranha.cpaa.embrapa.br
search_base = ou=People, dc=cpaa, dc=embrapa, dc=br
query_filter = uid=%s
result_attribute = uid
version = 3
master.cf (I posted only the line for Maildrop here)
----------
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
# uncommented below!!!
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
authdaemonrc
------------
authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
authldaprc
----------
LDAP_URI ldap://mensageiro.cpaa.embrapa.br, ldap://ariranha.cpaa.embrapa.br
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN dc=embrapa, dc=br
#LDAP_BINDDN cn=root, dc=embrapa, dc=br
#LDAP_BINDPW #senha
LDAP_TIMEOUT 5
#LDAP_AUTHBIND 1
LDAP_MAIL uid
#LDAP_FILTER (objectClass=inetOrgPerson)
# LDAP_DOMAIN example.com
# LDAP_GLOB_UID vmail
# LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
# LDAP_MAILROOT /var/mail
LDAP_MAILDIR ./Maildir
LDAP_DEFAULTDELIVERY defaultDelivery
# LDAP_MAILDIRQUOTA quota
LDAP_FULLNAME cn
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
# LDAP_UID uidNumber
# LDAP_GID gidNumber
#
LDAP_ENUMERATE_FILTER (&(objectClass=CourierMailAccount)(!(disableshared=1)))
LDAP_DEREF never
LDAP_TLS 0
# LDAP_EMAILMAP (&(userid=@user@)(realm=@realm@))
# LDAP_EMAILMAP_BASEDN o=emailmap, c=com
# dn: userid=john, realm=example.com, o=emailmap, c=com #
LDAP_EMAILMAP_BASEDN
# userid: john # LDAP_EMAILMAP search
# realm: example.com # LDAP_EMAILMAP search
# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
#
#
# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
# uid: ...
# gid: ...
# [ etc... ]
#
# LDAP_EMAILMAP_ATTRIBUTE handle
# LDAP_EMAILMAP_MAIL mail
debug.log
----------
Aug 26 09:07:00 mensageiro authdaemond: received auth request,
service=imap, authtype=login
Aug 26 09:07:00 mensageiro authdaemond: authldap: trying this module
Aug 26 09:07:00 mensageiro authdaemond: selected ldap protocol version 3
Aug 26 09:07:00 mensageiro authdaemond: binding to LDAP server as DN
'<null>', password '<null>'
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 fd=25 ACCEPT from
IP=200.202.130.3:61416 (IP=0.0.0.0:389)
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 op=0 BIND dn=""
method=128
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 op=0 RESULT tag=97
err=0 text=
Aug 26 09:07:00 mensageiro authdaemond: using search filter:
(uid=jose.barbosa)
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 op=1 SRCH
base="dc=embrapa,dc=br" scope=2 deref=0 filter="(uid=jose.barbosa)"
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 op=1 SRCH
attr=homeDirectory ./Maildir cn clearPassword userPassword uid
Aug 26 09:07:00 mensageiro slapd[6880]: conn=185486 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Aug 26 09:07:00 mensageiro authdaemond: one entry returned, DN:
uid=jose.barbosa,ou=People,dc=cpaa,dc=embrapa,dc=br
Aug 26 09:07:00 mensageiro authdaemond: raw ldap entry returned:
Aug 26 09:07:00 mensageiro authdaemond: | uid: jose.barbosa
Aug 26 09:07:00 mensageiro authdaemond: | homeDirectory:
/export/home/jose.barbosa
Aug 26 09:07:00 mensageiro authdaemond: | cn: Jose Raimundo Barbosa
Aug 26 09:07:00 mensageiro authdaemond: authldaplib: sysusername=<null>,
sysuserid=0, sysgroupid=0, homedir=/export/home/jose.barbosa,
address=jose.barbosa, fullname=Jose Raimundo Barbosa, maildir=<null>,
quota=<null>, options=<null>
Aug 26 09:07:00 mensageiro authdaemond: authldaplib: clearpasswd=<null>,
passwd=<null>
Aug 26 09:07:00 mensageiro authdaemond: no password to compare against!
Aug 26 09:07:00 mensageiro authdaemond: authldap: REJECT - try next module
Aug 26 09:07:00 mensageiro authdaemond: FAIL, all modules rejected
Note: to run the test above, I use SquirrelMail.
Thanks for the help
--
José Raimundo da S. Barbosa
Embrapa Amazônia Ocidental
Information Sector
Phone: (92) 3621-0350
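
Added example, not part of the original post: a short Python triage of the authdaemond debug lines shown above. It reports an anonymous LDAP bind followed by an entry that came back without any password attribute. The sample log is copied from the post with mail-wrapped lines rejoined; the function and field names are illustrative.

```python
import re

# Sample: authdaemond lines copied from the post's debug.log, wrapped lines rejoined.
SAMPLE_LOG = """\
Aug 26 09:07:00 mensageiro authdaemond: received auth request, service=imap, authtype=login
Aug 26 09:07:00 mensageiro authdaemond: binding to LDAP server as DN '<null>', password '<null>'
Aug 26 09:07:00 mensageiro authdaemond: one entry returned, DN: uid=jose.barbosa,ou=People,dc=cpaa,dc=embrapa,dc=br
Aug 26 09:07:00 mensageiro authdaemond: authldaplib: clearpasswd=<null>, passwd=<null>
Aug 26 09:07:00 mensageiro authdaemond: no password to compare against!
Aug 26 09:07:00 mensageiro authdaemond: FAIL, all modules rejected
"""

BIND_RE = re.compile(r"binding to LDAP server as DN '([^']*)'")
ENTRY_RE = re.compile(r"one entry returned, DN: (\S+)")
PASS_RE = re.compile(r"clearpasswd=(\S+?), passwd=(\S+)")

def triage(log_text):
    """Group authdaemond debug lines into one summary dict per auth request."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        _, sep, msg = line.partition(" authdaemond: ")
        if not sep:
            continue  # slapd and other daemons are ignored here
        if msg.startswith("received auth request"):
            cur = {"bind_dn": None, "entry_dn": None, "has_password": None, "result": None}
            attempts.append(cur)
        if cur is None:
            continue
        if m := BIND_RE.search(msg):
            cur["bind_dn"] = m.group(1)
        elif m := ENTRY_RE.search(msg):
            cur["entry_dn"] = m.group(1)
        elif m := PASS_RE.search(msg):
            cur["has_password"] = any(v != "<null>" for v in m.groups())
        elif msg.startswith("FAIL"):
            cur["result"] = "FAIL"
    return attempts

def findings(attempt):
    """Explain why an attempt could not be verified, based on the parsed fields."""
    out = []
    if attempt["bind_dn"] == "<null>":
        out.append("anonymous bind: no LDAP_BINDDN/LDAP_BINDPW in effect")
    if attempt["entry_dn"] and attempt["has_password"] is False:
        out.append("entry found, but no password attribute was returned to the bind identity")
    return out

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["entry_dn"], a["result"], findings(a))
```

With `DEBUG_LOGIN=2`, as set in the authdaemonrc above, authdaemond also writes password values to the log, so keep debug.log readable only by root and return the setting to 0 once troubleshooting is done.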