On 2016-11-30 09:35, mar...@skjoldebrand.eu wrote:
> 2016-11-29 18:25, Viktor Dukhovni wrote:
>>> On Nov 29, 2016, at 5:55 AM, Sven Schwedas <sven.schwe...@tao.at> wrote:
>>>
>>> As long as saslauthd can bind against it like a regular Active Directory
>>> (=LDAP) server, it should work without special configuration inside
>>> postfix.
>>
>> But the packets are unlikely to stay behind corporate firewalls, so one
>> would definitely want to make sure that the traffic is encrypted.
>> Otherwise, validating cleartext passwords over an unencrypted LDAP
>> connection is generally unwise.
>
> Indeed - very unwise.

Cyrus saslauthd and recent-ish Windows Server versions (and Azure AD) can handle TLS, and connect fine over $favourite_vpn_solution, I'm not sure what else you'd need.

> Well, maybe I dare look into this in the future. I've made various web
> services talk to LDAP/Active Directory in the past, but never Postfix.
> Will have to find documentation on the process.

http://www.postfix.org/SASL_README.html

That's basically it: Set up your favourite SASL solution (I'm using cyrus saslauthd with regular, non-Azure, Active Directory) against your ADDCs, then just configure Postfix to use it.

-- 
Best Regards,
Sven Schwedas, System Administrator
Mail/XMPP sven.schwe...@tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
https://pave.software – PAVE Password Manager
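A check for the concern raised in this thread, as an added example that is not part of the original messages: it reads a saslauthd.conf for the LDAP backend and flags cleartext `ldap://` binds and TLS without certificate verification. The host names and CA path are constructed, the option names are those of Cyrus SASL's LDAP_SASLAUTHD documentation, and the yes/no parsing is a simplification of saslauthd's own.

```python
# Added example; WEAK and HARDENED are constructed sample configs.
def parse_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def is_yes(value):
    return value.strip().lower() in {"yes", "on", "true", "1"}

def audit(text):
    """Return a list of findings; an empty list means no issue was found."""
    opts = parse_conf(text)
    findings = []
    servers = opts.get("ldap_servers", "ldap://localhost/").split()
    start_tls = is_yes(opts.get("ldap_start_tls", "no"))
    check_peer = is_yes(opts.get("ldap_tls_check_peer", "no"))
    for uri in servers:
        if uri.lower().startswith("ldap://") and not start_tls:
            findings.append(f"cleartext bind: {uri} without ldap_start_tls")
    uses_tls = start_tls or any(u.lower().startswith("ldaps://") for u in servers)
    if uses_tls and not check_peer:
        findings.append("ldap_tls_check_peer is not yes: certificate unverified")
    if check_peer and not (opts.get("ldap_tls_cacert_file")
                           or opts.get("ldap_tls_cacert_dir")):
        findings.append("ldap_tls_check_peer needs ldap_tls_cacert_file or _dir")
    return findings

WEAK = """\
ldap_servers: ldap://dc1.example.test/
ldap_filter: (sAMAccountName=%u)
"""

HARDENED = """\
ldap_servers: ldaps://dc1.example.test/ ldaps://dc2.example.test/
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/example-ad-ca.pem
ldap_filter: (sAMAccountName=%u)
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```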