* Victor Duchovni <postfix-users@postfix.org>: > On Mon, Sep 27, 2010 at 11:09:04PM +0200, Patrick Ben Koetter wrote: > > > * Christian R??ner <c...@roessner-network-solutions.com>: > > > It works! > > > > Probably OT for this list and better suited for the developers list, but > > does > > it still work without any errors? Having EXTERNAL available in LDAP queries > > would be quite nice - you get TLS, authentication and authorization at once. > > > > Could this become part of Postfix if it works? I'd volunteer to add some > > documentation to SASL_README if that is the right place besides > > ldap_table(5). > > This is not "EXTERNAL" support for the Postfix SASL server. Rather, > this is "EXTERNAL" support for the Postfix LDAP client, with the LDAP > server mapping the TLS client to some suitable authentication identity. > > At this time, there is no code in the Postfix SMTP server to process > the client Subject DN or subjectAltName list to derive an external > identifier for SMTP SASL.
Yes, I know. I would be interested in LDAP queries to e.g. an OpenLDAP server where Postfix as querying instance uses SASL EXTERNAL to authenticate. I would be interested to have code in the Postfix SMTP server to process the client Subject DN or subjectAltName, but that is not what I am after right now. p...@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
