ldapcheck
What is ldapcheck?
ldapcheck is a program that implements the same interface as the pwcheck program distributed with Cyrus SASL 1.x. Its aim is to authenticate against LDAP with a plain-text username and password. It was written so that Postfix could relay mail for users authenticated against an LDAP tree, using only the libraries available in the stable (woody) Debian distribution.
This program was written by Simo Sorce and me, and it is released under the same license as the pwcheck.c example from Carnegie Mellon.
Install
Just untar the sources, run ./configure and make, followed by make install. You can configure the daemon by editing the configuration file /etc/ldapcheck.conf. See the manpages for a description of the various options.
Configuration
To configure postfix to allow the relay do the
# apt-get install postfix-tls sasl-bin libsasl-modules-plain mime-codecs
Then add the following in /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_relay_domains, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# This should be set to yes once testing is complete
smtpd_tls_auth_only = no
Create the file /etc/postfix/sasl/smtpd.conf:
In order to test the functionality:
printf "\0%s\0%s" <username> <password> | base64-encode ; echo
kantele:~$ telnet mailserver smtp
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 test.rfc822.org ESMTP Postfix
ehlo test
250-test.rfc822.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-XVERP
250 8BITMIME
auth plain AHVzZXJuYW1lAHBhc3N3b3Jk
Download
Thu, 5 Feb 2004 12:02:21 +0000
- Make /etc/ldapcheck.conf a conffile so we don't bork on upgrades
Sat, 31 Jan 2004 21:11:31 +0100
- New release fixing a possible crash
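Returning to the test session in the Configuration section, the following is an added example, not part of the original page or of ldapcheck. It shows that the AUTH PLAIN token is only base64 and decodes straight back to the LDAP password, and it checks an EHLO reply for PLAIN or LOGIN offered before TLS, which is the state smtpd_tls_auth_only = no leaves the server in. The function names are illustrative, coreutils base64 stands in for base64-encode, and the second EHLO reply is constructed.

```shell
# Build the AUTH PLAIN initial response: NUL authcid NUL passwd, base64-encoded
# (empty authorization identity, as in the printf command on the page).
sasl_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse it. Base64 is an encoding, not encryption: anyone who can read the
# SMTP session recovers the password. Output format: authzid:authcid:passwd
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' ':'
}

# Read EHLO reply lines captured on a cleartext session (before STARTTLS) on
# stdin and print the mechanisms that send the password itself. Exit status 0
# means at least one was offered, so smtpd_tls_auth_only is not yet in effect.
cleartext_auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH / {
            for (i = 2; i <= NF; i++)
                if ($i == "PLAIN" || $i == "LOGIN") m = (m == "" ? "" : m " ") $i
        }
        END { if (m == "") exit 1; print m }'
}

# EHLO reply copied from the test session on the page.
EHLO_PAGE='250-test.rfc822.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-XVERP
250 8BITMIME'

# Constructed reply: a cleartext EHLO once AUTH is only offered after STARTTLS.
EHLO_TLS_ONLY='250-test.rfc822.org
250-PIPELINING
250-STARTTLS
250 8BITMIME'

sasl_plain_token username password; echo
sasl_plain_decode AHVzZXJuYW1lAHBhc3N3b3Jk; echo
printf '%s\n' "$EHLO_PAGE" | cleartext_auth_mechs
printf '%s\n' "$EHLO_TLS_ONLY" | cleartext_auth_mechs || echo "no cleartext PLAIN/LOGIN"
```

CRAM-MD5 is not flagged because it is a challenge-response mechanism and does not put the password on the wire.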