>> What about SASL-AUTH (i.e. EXTERNAL) and/or Kerberos support in
>> ldap_table? I was looking for not binding with binddn/bindpw to my
>> LDAP-server and using something like authz-regexp to map the user. But
>> could not find the support in postfix :)
>
> You may use the sasl auxprop ldapdb and GSSAPI mechanism
>
Are you sure that is working at the backend side?

I have used a very simple ldap.cf file from my current postfix configuration and commented out the binddn/bindpw stuff:

I have done a test with a regular user taking postfix' x509 certs:

The result from LDAP:

Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0

This is what I wished to have. But how can I set up postfix _backend_ ldap to use sasl? Binding with DN looks like this:

Sep 15 13:38:08 db slapd[1355]: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"

But I would like the EXTERNAL mech from SASL ;) And maybe, as a final result, Kerberos.

Maybe I want too much? :)

Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
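Added example, not part of the original message or of Postfix/OpenLDAP: a small audit script that reads slapd `do_bind` lines like the ones quoted above and reports which identities still authenticate with a simple bind (DN plus password) and which use SASL. The function names and the first sample line are assumptions made for this illustration; the other log lines are copied from the message.

```python
import re

# Bind lines copied from the message above; the first line is constructed
# to show the request line slapd logs for a SASL bind (method 163).
SAMPLE_LOG = """\
Sep 15 13:50:09 db slapd[1355]: do_bind: version=3 dn="" method=163
Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0
Sep 15 13:38:08 db slapd[1355]: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"
"""

SIMPLE_METHOD = 128  # LDAP_AUTH_SIMPLE (0x80): DN plus password
SASL_METHOD = 163    # LDAP_AUTH_SASL (0xa3)

REQUEST_RE = re.compile(r'do_bind: version=\d+ dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
SASL_RE = re.compile(
    r'do_bind: SASL/(?P<mech>[A-Z0-9_-]+) bind: dn="(?P<dn>[^"]*)" sasl_ssf=(?P<ssf>\d+)')

def classify_binds(log_text):
    """Return one (kind, identity, detail) tuple per bind seen in the log."""
    binds = []
    for line in log_text.splitlines():
        sasl = SASL_RE.search(line)
        if sasl:
            binds.append((f"sasl/{sasl['mech']}", sasl["dn"], f"ssf={sasl['ssf']}"))
            continue
        req = REQUEST_RE.search(line)
        if not req:
            continue  # other do_bind detail lines carry nothing new
        method = int(req["method"])
        if method == SASL_METHOD:
            continue  # identity is only known on the later SASL/<mech> line
        if method == SIMPLE_METHOD:
            kind = "simple" if req["dn"] else "anonymous"
        else:
            kind = f"unknown({method})"
        binds.append((kind, req["dn"], ""))
    return binds

def password_binders(binds):
    """DNs that still bind with a password and are candidates for SASL."""
    return {dn for kind, dn, _ in binds if kind == "simple"}

if __name__ == "__main__":
    for bind in classify_binds(SAMPLE_LOG):
        print(bind)
    print("still using simple bind:", sorted(password_binders(classify_binds(SAMPLE_LOG))))
```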