Bad search filter – Postfix, OpenLDAP, saslauthd

I am trying to set up a mail server on Debian Jessie and have run into a problem.

When I try to reach OpenLDAP through saslauthd with the command

    testsaslauthd -u user1 -p user1pw -f /var/spool/postfix/var/run/saslauthd/mux

I get the following errors in auth.log:

    Apr 17 10:36:50 debmailserv saslauthd[1661]: user ldap_search_st() failed: Bad search filter
    Apr 17 10:36:50 debmailserv saslauthd[1661]: Retrying authentication
    Apr 17 10:36:50 debmailserv saslauthd[1661]: user ldap_search_st() failed: Bad search filter
    Apr 17 10:36:50 debmailserv saslauthd[1661]: Authentication failed for user1: Retry condition (ldap server connection reset or broken) (-3)
    Apr 17 10:36:50 debmailserv saslauthd[1661]: do_auth : auth failure: [user=user1] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

However, if I use the same search filter from saslauthd.conf with ldapsearch as below, it works fine:

    ldapsearch -D "uid=saslauthd,ou=services,dc=example,dc=com" -w saslauthdpw \
        -p 389 -h 127.0.0.1 -b "ou=people,dc=example,dc=com" \
        -s sub "(&(uid=user1)(mailEnabled=TRUE))"

My saslauthd.conf looks like this:

    # Server
    ldap_servers: ldap://127.0.0.1/
    # Identity
    ldap_bind_dn: uid=saslauthd,ou=services,dc=example,dc=com
    ldap_bind_pw: saslauthdpw
    ldap_auth_method: bind
    # Connection
    ldap_version: 3
    ldap_timeout: 10
    ldap_time_limit: 10
    ldap_referrals: yes
    # Search
    ldap_scope: sub
    ldap_search_base: ou=people,dc=example,dc=com
    ldap_filter: (&(uid=%u)(mailEnabled=TRUE))
    # SSL
    ldap_ssl: no
    ldap_starttls: no

If I comment out ldap_filter, testsaslauthd works fine.

Any pointers would be much appreciated!

I got the same error today. By using wireshark to inspect the conversation between saslauthd and the LDAP server, I was able to determine two things that may help you...

  1. The default filter appears to be (uid=%u)

  2. The query from saslauthd limits the result to 1 record.

In my case, the search for uid=fred was returning two records from the LDAP server.
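As an added example, not part of either post above and not saslauthd's own code: a small Python script that expands an ldap_filter template through its %u placeholder, checks that the resulting filter is at least syntactically balanced, and runs it against a constructed in-memory directory with a size limit of 1, so that the "two records for one uid" situation the answer describes shows up as a failed lookup. The directory entries, the lookup() function and its status strings are invented for the example; the two filter templates are the ones quoted on this page. The value escaping follows RFC 4515 and is here to show what a safe substitution of a user-supplied name into a filter looks like, not as a claim about saslauthd's internals.

```python
"""Expand a saslauthd-style ldap_filter template and check the single-result
expectation against a constructed in-memory directory.

Added example: not code from the original posts or from saslauthd."""
import re

# RFC 4515 escaping for values substituted into a filter. The %u value comes
# from whoever is trying to authenticate, so this substitution is exactly
# where unescaped '(', ')' or '*' would change the meaning of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Filter templates as they appear on this page.
FILTER_FROM_POST = "(&(uid=%u)(mailEnabled=TRUE))"
DEFAULT_FILTER = "(uid=%u)"

# Constructed sample entries (attribute names lower-cased, values as lists).
DIRECTORY = [
    {"dn": "uid=user1,ou=people,dc=example,dc=com", "uid": ["user1"], "mailenabled": ["TRUE"]},
    {"dn": "uid=fred,ou=people,dc=example,dc=com", "uid": ["fred"], "mailenabled": ["TRUE"]},
    {"dn": "uid=fred,ou=contractors,dc=example,dc=com", "uid": ["fred"], "mailenabled": ["FALSE"]},
]


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, user: str) -> str:
    """Replace the %u placeholder with the escaped username."""
    return template.replace("%u", escape_filter_value(user))


def filter_is_balanced(flt: str) -> bool:
    """Cheap syntax check: the filter is wrapped in parentheses and they balance."""
    if not (flt.startswith("(") and flt.endswith(")")):
        return False
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def parse_filter(flt: str):
    """Parse a small subset of RFC 4515: (&...), (|...), (!...) and (attr=value)."""
    body = flt.strip()[1:-1]
    if body[0] in "&|!":
        return (body[0], _split_top_level(body[1:]))
    attr, _, value = body.partition("=")
    return ("=", attr.lower(), value)


def _split_top_level(s: str):
    """Split "(a)(b)(c)" into its parsed top-level components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(parse_filter(s[start:i + 1]))
    return parts


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(node, entry) -> bool:
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    op = node[0]
    if op == "=":
        _, attr, value = node
        return _unescape(value).lower() in [v.lower() for v in entry.get(attr, [])]
    subs = node[1]
    if op == "&":
        return all(matches(s, entry) for s in subs)
    if op == "|":
        return any(matches(s, entry) for s in subs)
    return not matches(subs[0], entry)  # "!"


def lookup(entries, template: str, user: str, sizelimit: int = 1):
    """Return (status, hits). With sizelimit=1 more than one match is a failure,
    mirroring the single-record expectation described in the answer above."""
    flt = expand_filter(template, user)
    if not filter_is_balanced(flt):
        return "bad filter", []
    hits = [e for e in entries if matches(parse_filter(flt), e)]
    if not hits:
        return "no match", []
    if len(hits) > sizelimit:
        return "size limit exceeded", hits
    return "ok", hits


if __name__ == "__main__":
    for template, user in [(FILTER_FROM_POST, "user1"), (FILTER_FROM_POST, "fred"),
                           (DEFAULT_FILTER, "fred"), (DEFAULT_FILTER, "*)(uid=*")]:
        status, hits = lookup(DIRECTORY, template, user)
        print(f"{expand_filter(template, user):45} -> {status} ({len(hits)} hit(s))")
```

Run as-is it prints one line per case: the narrowed filter from the question finds exactly one entry for both users, the default (uid=%u) filter trips the size limit for fred because two entries share that uid, and a username containing filter metacharacters is escaped into a literal value that matches nothing rather than rewriting the filter.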