我正在进行紧急服务器转移,从一台我未设置的服务器转移到一台新硬件。我运行的是最新的 Debian,带有 Postfix 和 Cyrus。我已从 conf 文件中复制了大部分详细信息,但仍然无法使服务器与我的 LDAP 服务器正常工作。我可以使用 Postfix 发送邮件,但似乎没有有效的登录名,我无法检查任何其他内容。我的身份验证日志显示:
May 28 14:48:55 server saslauthd[1101]: Authentication failed for user: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
May 28 14:48:55 server saslauthd[1101]: do_auth : auth failure: [user=user] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
我困惑了!
saslauthd.conf
ldap_bind_dn: cn=admin,dc=server,dc=host,dc=com
ldap_password: secret
ldap_servers: ldap://ldap.server.host.com
ldap_search_base: dc=server,dc=host,dc=com
ldap_auth_method: fastbind
ldap_filter: uid=%u,ou=People,dc=server,dc=host,dc=com
ldap_tls_cacert_file: /etc/ldap/ssl/server.pem
ldap_tls_cert: /etc/ldap/ssl/server.pem
主配置文件
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = hostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = hostname, mail.hostname, mailer. hostname, hostname, localhost.name, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
local_destination_recipient_limit = 300
local_destination_concurrency_limit = 5
local_recipient_maps =
# SASL Auth Settings
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_access,
reject_rbl_client sbl-xbl.spamhaus.org
# TLS Information
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
#smtpd_tls_key_file = /etc/postfix/ssl/postfix.pem
#smtpd_tls_CAfile = /etc/ssl/self/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 104857600
答案1
在 saslauthd.conf 中尝试按如下方式更新(使用匿名绑定):
ldap_servers: ldap://ldap.server.host.com:389
ldap_search_base: ou=People,dc=server,dc=host,dc=com
ldap_filter: (uid=%u)
CentOS 7 还有以下两个配置文件:
猫/etc/saslauthd.conf
ldap_servers: ldap://5.135.218.160:389
ldap_search_base: ou=People,dc=pb,dc=com
ldap_filter: (&(uid=%u)(zarafaAccount=1))
猫/etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
Debian 的位置可能不同。使用以下配置进行测试
testsaslauthd -u user1 -p mypassword -s smtp
不确定以下错误消息是否意味着什么,但我认为它应该是 [service=smtp]:
5月28日 14:48:55 服务器 saslauthd[1101]: do_auth: 身份验证失败: [user=user][服务=imap][领域=] [机制=ldap] [原因=未知]