Christian Rößner <c...@roessner-network-solutions.com> writes:

>>> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
>>> ldap_table? I was looking for not binding with binddn/bindpw to my
>>> LDAP-server and using something like authz-regexp to map the user. But
>>> could not find the support in postfix :)
>>
>> You may use the sasl auxprop ldapdb and GSSAPI mechanism
>>
>
> Are you sure that is working at the backend side?
>
> I have used a very simple ldap.cf file from my current postfix configuration
> and commented out the binddn/bindpw stuff:
>
> I have done a test with a regular user taking postfix' x509 certs:
>
> The result from LDAP:
>
> Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
> Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind:
> dn="cn=mx0.roessner-net.de" sasl_ssf=0
>
> This is, what I wished to have.
>
> But how can I set up postfix _backend_ ldap to use sasl?
>
> Binding with DN looks like this:
>
> Sep 15 13:38:08 db slapd[1355]: do_bind: version=3
> dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
> Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind:
> "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"
>
> But I would like the EXTERNAL mech from SASL ;) And maybe at a final result
> Kerberos.
>
> Maybe I want too much? :)

I use ldapdb for cyrus-imapd and postfix authentication but haven't
tested with EXTERNAL mechanisms for users.

Just an excerpt from /etc/sasl2/smtpd.conf

pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: LOGIN DIGEST-MD5
ldapdb_uri: ldap://localhost
ldapdb_mech: EXTERNAL
ldapdb_rc: /etc/sasl2/ldaprc
ldapdb_starttls: demand

and from /etc/sasl2/ldaprc

TLS_CACERT /etc/openldap/certs/avciCA.pem
TLS_CERT /etc/openldap/certs/mailadmin.pem
TLS_KEY /etc/openldap/certs/mailadmin-key.pem
TLS_CIPHER_SUITE HIGH

The EXTERNAL mechanism is to authenticate the proxy user mailadmin.
OpenLDAP needs proper authz-policy and authz-regexp configured though.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770...@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
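
Added example, not part of either post: a small Python check over slapd log lines in the do_bind formats quoted above, reporting which service DNs still authenticate with binddn/bindpw (simple bind, method=128) rather than a SASL mechanism. The function names are assumptions made for this example, and the sample lines are the ones from the quoted post with their line wraps re-joined.

```python
import re

# Bind-record formats as quoted in the post (syslog line wraps re-joined).
SIMPLE_RE = re.compile(r'do_bind: version=\d+ dn="(?P<dn>[^"]*)" method=128')
SASL_RE = re.compile(
    r'do_bind: SASL/(?P<mech>[\w-]+) bind: dn="(?P<dn>[^"]*)" sasl_ssf=(?P<ssf>\d+)')


def classify_binds(lines):
    """Return one (kind, mech, dn) tuple per recognised bind record."""
    out = []
    for line in lines:
        m = SASL_RE.search(line)
        if m:
            # sasl_ssf covers only the SASL layer; EXTERNAL adds none of its own.
            out.append(("sasl", m.group("mech"), m.group("dn").lower()))
            continue
        m = SIMPLE_RE.search(line)
        if m:
            dn = m.group("dn").lower()
            # method=128 is an LDAP simple bind; an empty DN means anonymous.
            out.append(("simple" if dn else "anonymous", None, dn))
    return out


def password_bind_dns(lines, service_dns):
    """Service DNs that still authenticate with binddn/bindpw (simple bind)."""
    watched = {dn.lower() for dn in service_dns}
    return sorted({dn for kind, _, dn in classify_binds(lines)
                   if kind == "simple" and dn in watched})


# Log lines from the quoted post, each wrapped record joined onto one line.
SAMPLE_LOG = [
    'Sep 15 13:38:08 db slapd[1355]: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128',
    'Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"',
    'Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL',
    'Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0',
]

if __name__ == "__main__":
    for record in classify_binds(SAMPLE_LOG):
        print(record)
    print(password_bind_dns(SAMPLE_LOG, ["cn=proxyuser,dc=roessner-net,dc=de"]))
```
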