postfix-users September 2010 archive
postfix-users: Re: SASL-AUTH and/or Kerberos in ldap_table

From: Christian Rößner <c_at_nospam>
Date: Wed Sep 15 2010 - 14:17:50 GMT
To: Postfix users <postfix-users@postfix.org>

>> What about SASL-AUTH (i.e. EXTERNAL) and/or Kerberos support in
>> ldap_table? I was looking for not binding with binddn/bindpw to my
>> LDAP-server and using something like authz-regexp to map the user. But
>> could not find the support in postfix :)
>
> You may use the sasl auxprop ldapdb and GSSAPI mechanism
>

Are you sure that is working at the backend side?

I have used a very simple ldap.cf file from my current postfix configuration and commented out the binddn/bindpw stuff:

I have done a test with a regular user taking postfix' x509 certs:

The result from LDAP:

Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0

This is what I wished to have.

But how can I set up postfix _backend_ ldap to use sasl?

Binding with DN looks like this:

Sep 15 13:38:08 db slapd[1355]: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"

But I would like the EXTERNAL mech from SASL ;) And maybe, as a final result, Kerberos.

Maybe I want too much? :)

Christian
---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
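
Added example, not part of the original message: a small Python audit of slapd bind logging that separates password (simple) binds from SASL binds, so an administrator can see which clients still rely on binddn/bindpw. It assumes only the two do_bind line formats quoted in the message above; method=128 is the LDAP simple authentication method, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The four slapd lines quoted in the message above, reused as sample input.
SAMPLE_LOG = """\
Sep 15 13:50:09 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 13:50:09 db slapd[1355]: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0
Sep 15 13:38:08 db slapd[1355]: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
Sep 15 13:38:08 db slapd[1355]: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"
""".splitlines()

# Completed SASL bind: mechanism, authenticated DN, negotiated SASL strength.
SASL_DONE = re.compile(
    r'do_bind: SASL/(?P<mech>[A-Z0-9_-]+) bind: dn="(?P<dn>[^"]*)" sasl_ssf=(?P<ssf>\d+)')
# Bind request carrying the LDAP auth method; 128 (0x80) is a simple bind.
SIMPLE_REQ = re.compile(r'do_bind: version=\d+ dn="(?P<dn>[^"]*)" method=128\b')


def classify_binds(lines):
    """Map each bind DN to the set of bind methods it was seen using."""
    seen = defaultdict(set)
    for line in lines:
        if "slapd[" not in line:
            continue  # ignore syslog lines from other daemons
        m = SASL_DONE.search(line)
        if m:
            seen[m["dn"]].add("SASL/" + m["mech"])
            continue
        m = SIMPLE_REQ.search(line)
        if m:
            # A simple bind with an empty DN is an anonymous bind.
            seen[m["dn"] or "(anonymous)"].add("simple")
    return dict(seen)


def password_bind_dns(lines):
    """DNs that were seen attempting binddn/bindpw-style simple binds."""
    return sorted(dn for dn, mechs in classify_binds(lines).items()
                  if "simple" in mechs and dn != "(anonymous)")


if __name__ == "__main__":
    for dn, mechs in classify_binds(SAMPLE_LOG).items():
        print(f"{dn}: {', '.join(sorted(mechs))}")
    print("still using password binds:", password_bind_dns(SAMPLE_LOG))
```
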