|Main Archive Page > Month Archives > postfix-users archives|
>> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
>> ldap_table? I was looking for not binding with binddn/bindpw to my
>> LDAP-server and using something like authz-regexp to map the user. But
>> could not find the support in postfix :)
> You may use the sasl auxprop ldapdb and GSSAPI mechanism
Are you sure that is working at the backend side?
I have used a very simple ldap.cf file from my current postfix configuration and commented out the binddn/bindpw stuff:
I have done a test with a regular user taking postfix' x509 certs:
The result from LDAP:
Sep 15 13:50:09 db slapd: do_bind: dn () SASL mech EXTERNAL
Sep 15 13:50:09 db slapd: do_bind: SASL/EXTERNAL bind: dn="cn=mx0.roessner-net.de" sasl_ssf=0
This is, what I wished to have.
But how can I set up postfix _backend_ ldap to use sasl?
Binding with DN looks like this:
Sep 15 13:38:08 db slapd: do_bind: version=3 dn="cn=proxyuser,dc=roessner-net,dc=de" method=128
Sep 15 13:38:08 db slapd: do_bind: v3 bind: "cn=proxyuser,dc=roessner-net,dc=de" to "cn=proxyuser,dc=roessner-net,dc=de"
But I would like the EXTERNAL mech from SASL ;) And maybe at a final result Kerberos.
Maybe I want too much? :)
--- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com