ldapcheck

What is ldapcheck?

ldapcheck is a program that implements the same interface as the pwcheck program distributed with Cyrus SASL 1.x. Its aim is to authenticate plain-text usernames and passwords against LDAP. It was written so that Postfix could relay mail based on the authentication of users in an LDAP tree, using only the libraries available in the stable (woody) Debian distribution.

This program was written by Simo Sorce and me, and it is released under the same license as the pwcheck.c example from Carnegie Mellon.

Install

Just untar the sources, run ./configure and make, followed by make install. You can configure the daemon by editing the configuration file /etc/ldapcheck.conf. See the manpages for a description of the various options.

Configuration

To configure Postfix to allow relaying, do the following:

# apt-get install postfix-tls sasl-bin libsasl-modules-plain mime-codecs

Then add the following in /etc/postfix/main.cf:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
  check_relay_domains, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Set smtpd_tls_auth_only to yes once testing is complete. Postfix does not
# support comments after a value, so this note sits on its own lines.
smtpd_tls_auth_only = no

Create the file /etc/postfix/sasl/smtpd.conf:

pwcheck_method: pwcheck

To test the functionality, first build the AUTH PLAIN argument:

printf "\0%s\0%s" <username> <password> | base64-encode ; echo

And then:

kantele:~$ telnet mailserver smtp
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 test.rfc822.org ESMTP Postfix
ehlo test
250-test.rfc822.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-XVERP
250 8BITMIME
auth plain AHVzZXJuYW1lAHBhc3N3b3Jk
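
As an added example (not part of ldapcheck or the original page), the following Python sketch rebuilds the AUTH PLAIN argument used above, decodes it again to show that base64 does not protect the password, and checks an EHLO reply for password-revealing mechanisms offered on an unencrypted session, which is what smtpd_tls_auth_only = yes is meant to prevent. The function names are hypothetical; the EHLO reply is the one from the test session above.

```python
import base64

# EHLO reply copied from the test session on this page (cleartext, port 25).
EHLO_REPLY = """250-test.rfc822.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-XVERP
250 8BITMIME"""

# Mechanisms that send the password itself (only base64-encoded) to the server.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def encode_plain(username, password, authzid=""):
    """Build the SASL PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = "\0".join((authzid, username, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(token):
    """Recover (authzid, username, password) from an AUTH PLAIN argument."""
    authzid, username, password = base64.b64decode(token, validate=True).split(b"\0")
    return authzid.decode(), username.decode(), password.decode()


def parse_ehlo(reply):
    """Map each EHLO keyword to its parameter list, e.g. {'AUTH': ['LOGIN', ...]}."""
    caps = {}
    for line in reply.splitlines()[1:]:      # first line is the server greeting
        words = line[4:].split()             # drop the '250-' / '250 ' prefix
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def exposed_mechs(reply):
    """Password-revealing mechanisms advertised in a cleartext EHLO reply."""
    return sorted(CLEARTEXT_MECHS & set(parse_ehlo(reply).get("AUTH", [])))


if __name__ == "__main__":
    print(encode_plain("username", "password"))
    print(decode_plain("AHVzZXJuYW1lAHBhc3N3b3Jk"))
    print(exposed_mechs(EHLO_REPLY))
```

Run against a cleartext EHLO reply after setting smtpd_tls_auth_only = yes, exposed_mechs should return an empty list, because Postfix then advertises AUTH only once TLS is active.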

Download

ldapcheck_0.6-2.tar.gz 9a2b897d4eb52f3a027ff2417264abfe
Thu, 5 Feb 2004 12:02:21 +0000

  • Make /etc/ldapcheck.conf a conffile so we don't bork on upgrades

ldapcheck_0.6-1.tar.gz 57abdc16e35a1b4786b5641176ee5210
Sat, 31 Jan 2004 21:11:31 +0100

  • New release fixing a possible crash