On Tue, Dec 07, 2010 at 12:45:12PM -0500, Wietse Venema wrote:

> Jason Voorhees:
> > Hi:
> >
> > For personal reasons I'm planning to migrate a Zimbra installation to
> > a Postfix+Cyrus IMAP based schema. My Zimbra server has two domains:
> > domain1.com and domain2.com. Users from domain1.com authenticate via
> > Active Directory and domain2.com authenticate via Zimbra (using its
> > own OpenLDAP server).
> >
> > As you know Zimbra has Postfix embedded with a custom version of
> > saslauthd. Now I have to keep the same double authentication schema
> > when migrating to Postfix, so the question is: How could I configure
> > Postfix to authenticate users from one domain (domain1.com) to a
> > backend A (Active Directory) and users from the other domain (domain2.com)
> > to a backend B (OpenLDAP, MySQL, PAM, etc)? Is it possible? Any ideas?
> >
> > I hope someone can help me with some ideas.
>
> Postfix does not implement any SASL authentication - SASL
> is implemented entirely by the back-end (Cyrus or Dovecot).

The OP is talking about Cyrus IMAP, not Cyrus SASL. Presumably he wants submission users that want to authenticate SMTP submissions to the Postfix SMTP server to use a domain-dependent SASL backend.

Probably the "rimap" protocol is a good bet here, since both IMAP servers support SASL auth, so you need to use Cyrus SASL with a domain-dependent rimap backend.

The standard Cyrus SASL saslauthd supports validating passwords via "rimap" (if your mechanism is PLAIN, I don't believe that saslauthd supports non-password mechanisms). However, I don't think it supports domain-dependent selection of the rimap server. I don't know whether this is possible via directly loaded Cyrus SASL plugins, or if so which ones.

-- 
Viktor.