Hi,

My question is not directly related to Postfix, but hopefully
someone could point me in the right direction.

I am building an SMTP relay server with SASL authentication,
using LDAP (Active Directory) as a backend, and it does work.
Regular users can send emails after being authenticated.

My goal is to restrict access based on a group from the directory.

This is what I am using for my saslauthd.conf:

 ldap_servers: ldaps://ldaps.example.net
 ldap_tls_check_peer: yes
 ldap_version: 3
 ldap_search_base: DC=example,DC=net
 ldap_scope: sub
 ldap_filter: (&(sAMAccountName=%u)(memberOf=CN=SMTP-Auth,OU=Groups,DC=example,DC=net))
 ldap_group_attr: sAMAccountName
 ldap_group_match_method: filter
 ldap_group_dn: CN=SMTP-Auth,OU=Groups,DC=example,DC=net
 ldap_group_search_base: DC=example,DC=net
 ldap_auth_method: bind
 ldap_debug: 6
 ldap_bind_dn: CN=saslauthd,OU=Special Accounts,DC=example,DC=net
 ldap_bind_pw: REDACTED

I have tried a few variants (using ldap_group_filter instead of
ldap_filter, for instance) without any luck. And I didn't find
many examples or much documentation about this.

Any help would be appreciated. Thanks.

Sincerely,
-- 
Xavier Belanger
