> Authenticate what? Postfix cannot forge the connecting SMTP client's
> private key to convince the LDAP server that it is the client via
> "EXTERNAL" auth.
>
> If you are talking about authenticating the Postfix LDAP client, so that
> one does not to specify a "bind_pw", then I'll try to get thi
On Tue, Sep 28, 2010 at 09:15:02AM +0200, Patrick Ben Koetter wrote:
> > This is not "EXTERNAL" support for the Postfix SASL server. Rather,
> > this is "EXTERNAL" support for the Postfix LDAP client, with the LDAP
> > server mapping the TLS client to some suitable authentication identity.
> >
>
* Victor Duchovni :
> On Mon, Sep 27, 2010 at 11:09:04PM +0200, Patrick Ben Koetter wrote:
>
> > * Christian R??ner :
> > > It works!
> >
> > Probably OT for this list and better suited for the developers list, but
> > does
> > it still work without any errors? Having EXTERNAL available in LDAP
On Mon, Sep 27, 2010 at 11:09:04PM +0200, Patrick Ben Koetter wrote:
> * Christian R??ner :
> > It works!
>
> Probably OT for this list and better suited for the developers list, but does
> it still work without any errors? Having EXTERNAL available in LDAP queries
> would be quite nice - you get
* Christian Rößner :
> It works!
Probably OT for this list and better suited for the developers list, but does
it still work without any errors? Having EXTERNAL available in LDAP queries
would be quite nice - you get TLS, authentication and authorization at once.
Could this become part of Postfix
> I have to check, if I did a mistake with the patch itself, causing the man
> page errors, or if the patch needs little tweaks :) But at least the
> functionality is working. I am so happy! :)
The patch has very little bugs. The following snippet from the patch _could_
look like this:
--- pro
--On Wednesday, September 15, 2010 7:06 PM +0200 Christian Rößner
wrote:
I have to check, if I did a mistake with the patch itself, causing the
man page errors, or if the patch needs little tweaks :) But at least the
functionality is working. I am so happy! :)
Glad to hear it! I only ever u
It works!
The ldap_table SASL patch works for me on postfix-2.8-20100913
Sep 15 18:57:58 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 18:57:58 db slapd[1355]: ==>slap_sasl2dn: converting SASL name
cn=mx0.roessner-net.de to a DN
Sep 15 18:57:58 db slapd[1355]: slap_parseURI: parsing
> I have the patch, it has not yet been fully reviewed/integrated. If
> anyone wants to test it "as is", it is attached.
Thanks. I took the patch and applied it. Is compiled without warnings. Just
little bugs in the man page, which I am going to fix tomorrow.
server_host = ldap://db.roessner-net
On Wed, Sep 15, 2010 at 07:34:51AM -0700, Quanah Gibson-Mount wrote:
> I wrote a patch to support SASL mechanisms when connecting to LDAP many
> years ago, and maintained for for a time. However, I left the job where I
> required it back in 2007, and didn't do much with it since that point in
Christian Rößner writes:
>>> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
>>> ldap_table? I was looking for not binding with binddn/bindpw to my
>>> LDAP-server and using something like authz-regexp to map the user. But
>>> could not find the support in postfix :)
>>
>> You ma
--On Wednesday, September 15, 2010 2:19 PM +0200 Christian Rößner
wrote:
Hi gain,
little question:
What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
ldap_table? I was looking for not binding with binddn/bindpw to my
LDAP-server and using something like authz-regexp to map the u
>> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
>> ldap_table? I was looking for not binding with binddn/bindpw to my
>> LDAP-server and using something like authz-regexp to map the user. But
>> could not find the support in postfix :)
>
> You may use the sasl auxprop ldapdb and
Christian Rößner writes:
> Hi gain,
>
> little question:
>
> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
> ldap_table? I was looking for not binding with binddn/bindpw to my
> LDAP-server and using something like authz-regexp to map the user. But
> could not find the support i
* Brian Evans - Postfix List :
> On 9/15/2010 8:19 AM, Christian Rößner wrote:
> >Hi gain,
> >
> >little question:
> >
> >What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in ldap_table?
> >I was looking for not binding with binddn/bindpw to my LDAP-server and using
> >something like
> Postfix uses Dovecot or Cyrus libraries for SASL implementations.
>
> It does not care how they are configured to look on their backend for
> requests.
But the backend is a part of the setup. Shouldn't it cover it?
My wishlist features for example would be:
/etc/postfix/some_ldap.cf:
...
lda
On 9/15/2010 8:19 AM, Christian Rößner wrote:
Hi gain,
little question:
What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in ldap_table? I
was looking for not binding with binddn/bindpw to my LDAP-server and using
something like authz-regexp to map the user. But could not find the
Hi gain,
little question:
What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in ldap_table? I
was looking for not binding with binddn/bindpw to my LDAP-server and using
something like authz-regexp to map the user. But could not find the support in
postfix :)
Best regards
Christian
18 matches
Mail list logo
