* Victor Duchovni <postfix-users@postfix.org>: > On Mon, Jul 06, 2009 at 09:36:17PM +0200, Patrick Ben Koetter wrote: > > > * Terry L. Inzauro <tinza...@ha-solutions.net>: > > > What is the recommended and most scalable method for implementing SMTP > > > Auth > > > against OpenLDAP that currently manages all IMAP accounts? > > > > Cyrus SASL ldapdb plugin: > > > > The ldapdb auxprop plugin provides access to credentials stored in an > > OpenLDAP LDAP server. It is the only plugin that implements proxy > > authorization. > > > > Proxy authorization in this context means: The ldapdb plugin must SASL > > authenticate with the OpenLDAP server. The server then decides if the > > ldapdb plugin should be authorized to read the authenticating users > > password. > > > > Once the ldapdb plugin has gone through proxy authorization it may > > proceed > > and authenticate the submitted credentials. > > Is there another plugin which authenticates users by binding to LDAP > *as the user*, and using the success/failure of that to decide whether > a user's password is valid?
saslauthd can do that if you provide LDAP configuration using a saslauthd.conf. The sources carry a saslauthd.conf in the saslauthd source directory. > This could perhaps also be accomplished via a suitable PAM stack or via > indirect mechanisms such as "rimap" or dovecot auth. Yes, "saslauthd -> pam -> ldap" works, too as well as using "saslauthd -a rimap -O imap.example.com". Be aware though that the latter send authentication data unencrypted unless you use stunnel or something alike to encrypt the transport layer. p...@rick > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly. -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
