On Tue, Dec 7, 2010 at 1:09 PM, Patrick Ben Koetter <p...@state-of-mind.de> wrote:
> * Jason Voorhees <jvoorhe...@gmail.com>:
>> Hi:
>>
>> For personal reasons I'm planning to migrate a Zimbra installation to
>> a Postfix+Cyrus IMAP based schema. My Zimbra server has two domains:
>> domain1.com and domain2.com. Users from domain1.com authenticate via
>> Active Directory and domain2.com authenticate via Zimbra (using its
>> own OpenLDAP server).
>>
>> As you know, Zimbra has Postfix embedded with a custom version of
>> saslauthd. Now I have to keep the same double authentication schema
>> when I migrate to Postfix, so the question is: How could I configure
>> Postfix to authenticate users from one domain (domain1.com) to a
>> backend A (Active Directory) and users from the other domain (domain2.com)
>> to a backend B (OpenLDAP, MySQL, PAM, etc)? Is it possible? Any ideas?
>
> It is possible to use several SASL authentication services in a chain. You
> could, for example, use saslauthd to do Kerberos authentication to an Active
> Directory and use another, e.g. ldapdb, authentication method to access an
> OpenLDAP server.
>
> A quick sketch of smtpd.conf:
>
>     pwcheck_method: saslauthd auxprop
>     auxprop_plugin: ldapdb
>     mech_list: PLAIN LOGIN
>     ldapdb_uri: ldap://localhost
>     ldapdb_id: username
>     ldapdb_pw: secret
>     ldapdb_mech: DIGEST-MD5
>
> And you could call saslauthd like this:
>
>     saslauthd -a kerberos5 ...
>
> Read the NOTES section of the saslauthd man page for further instructions on
> Kerberos.
>
That's exactly the idea I was looking for. I didn't know that saslauthd could do this kind of chain configuration trying different services.

I'm going to read some documentation, man pages and Google to make this configuration.

Thanks, and sorry if this question wasn't related to Postfix.

Bye
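
Added example, not part of the original thread and not Cyrus SASL code: a small Python model of the first-success chain that `pwcheck_method: saslauthd auxprop` sets up, showing that the verifiers are tried in order rather than each domain being bound to one backend. The accounts, passwords, backend dictionaries and the `check_password_pinned` helper are constructed for illustration and are assumptions, not Cyrus SASL features.

```python
import hmac

# Constructed sample: the relevant lines of the smtpd.conf sketch above.
SMTPD_CONF = "pwcheck_method: saslauthd auxprop\nmech_list: PLAIN LOGIN\n"

# Constructed stand-ins for the two password stores (hypothetical accounts).
BACKENDS = {
    "saslauthd": {"alice@domain1.com": "ad-pass"},       # saslauthd -> Active Directory
    "auxprop": {"bob@domain2.com": "ldap-pass",          # ldapdb -> OpenLDAP
                "alice@domain1.com": "old-ldap-pass"},   # stale duplicate entry
}

def pwcheck_methods(conf_text):
    """Return the ordered verifier list from the pwcheck_method line."""
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "pwcheck_method":
            return value.split()
    return []

def verify(backend, user, password):
    """Constant-time compare against one store; unknown users fail."""
    stored = BACKENDS[backend].get(user)
    return stored is not None and hmac.compare_digest(stored, password)

def check_password(user, password, conf_text=SMTPD_CONF):
    """Model of the chain: the first verifier that accepts wins, else None."""
    for method in pwcheck_methods(conf_text):
        if verify(method, user, password):
            return method
    return None

def check_password_pinned(user, password, domain_map):
    """Hypothetical stricter variant: only the domain's own backend is asked."""
    backend = domain_map.get(user.rpartition("@")[2])
    return backend if backend and verify(backend, user, password) else None

if __name__ == "__main__":
    pinned = {"domain1.com": "saslauthd", "domain2.com": "auxprop"}
    for user, pw in [("alice@domain1.com", "ad-pass"), ("bob@domain2.com", "ldap-pass"),
                     ("alice@domain1.com", "old-ldap-pass"), ("bob@domain2.com", "wrong")]:
        print(user, pw, check_password(user, pw), check_password_pinned(user, pw, pinned))
```

In the model, the stale `alice@domain1.com` entry in the second store still authenticates through the chain, so when migrating it is worth checking that no account exists in both backends.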