* Jason Voorhees <jvoorhe...@gmail.com>: > Hi: > > For personal reasons I'm planning to migrate a Zimbra installation to > a Postfix+Cyrus IMAP based schema. My Zimbra server has two domains: > domain1.com and domain2.com. Users from domain1.com authenticate via > Active Directory and domain2.com authenticate via Zimbra (using its > own OpenLDAP server). > > As you know Zimbra has postfix embedded with a custom version of > saslauthd. Now I have to keep the same double authentication schema > when migrate to postfix so the question is: How could configure > Postfix to authenticate users from one domain (domain1.com) to a > backend A (Active Directory) and users from other domain (domain2.com) > to a backend B (OpenLDAP, MySQL, PAM, etc)? Is it possible? Any ideas?
It is possible to use several SASL authentication services in chain. You could, for example, use saslauthd to do Kerberos authentication to a Active Directory and use another e.g. ldapdb authentication method to access an OpenLDAP-server. A quick sketch of smtpd.conf: pwcheck_service: saslauthd auxprop auxprop_plugin: ldapdb mech_list: PLAIN LOGIN ldapdb_uri: ldap://localhost ldapdb_id: username ldapdb_pw: secret ldapdb_mech: DIGEST-MD5 And you could call saslauthd like this: saslauthd -a kerberos5 ... Read the NOTES section of the saslauthd man page for further instructions on Kerberos. -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
