On Tue, Sep 18, 2012 at 5:40 PM, Phil Pennock <[email protected]> wrote:
>> > Of course, exim4 test works if I delete the ACL. Therefore,
>> > and given the successful ldapsearch test, I think that exim4
>> > is not using SASL-GSSAPI. It should because it is linked against
>> The existence of the linking against the libldap library is to allow
>> Exim to do LDAP lookups but there is no call to the GSSAPI
> In addition to that, if you want something that works _now_, then you
> should be able to set up an LDAP mirror on the mail server itself, with
> syncrepl with "partial" replication, only able to see the necessary
> attributes.
>
> Then you can use ldapi:// to connect to that local LDAP server over a
> Unix domain socket, and use peer credentials for authentication. Last I
> checked, that was sasl-regexp rules, but I think it's changed.

Along those same lines, according to the openldap docs, the openldap
server can be used as a proxy. So you set it up on localhost (or in a
VM on your smtp vlan, etc) and openldap does the GSSAPI to your corporate
server, while you do simple binds to your local server.

...Todd
-- 
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
