Hello Adam! Thank you very much for your reply! The problem (I guess it is a problem, not sure yet :) is, I'm using the pam authentication in both squid (using /usr/sbin/pam_auth) and postfix (using PAM and sasl authentication in main.cf), where, in /etc/ldap.conf the pam_login_attribute is set to sAMAccountName and the server is pointing to my OpenLDAP server (this means that currently everyone have access to both services)
But that is the problem, I use the same /etc/ldap.conf (with the OpenLDAP server URI, base, bindn, bindpw and pam_login_atribute) for both services. Well, I hope this email wasn't very confused to you, and thanks again for any help. Best, Steve On 8/29/07, Adam Tauno Williams <[EMAIL PROTECTED]> wrote: > > > Well, my doubt is, how to make the proxy and email services (running > > on Machine 2) interact with my LDAP server, in such a way that the > > proxy only authenticate users belonging to the group Proxy and the > > email only authenticate users belonging to the group Email ? > > Simple, configure the services appropriately. For squid this is very > simply and they provide a module for it; for e-mail you configure you > MTA and/or IMAP server. For e-mail there is no straight forward answer > since there are x^n ways of configuring most modern mail servers. > > > Is this the best way? Or it would be better to forget about the groups > > approach and create user flags (through attributes), like proxyAllowed > > = "Y" or "N" and emailAllowed = "Y" or "N" ? > > Or even a way to use ACLs of Openldap, allowing the reading of a > > specific field of LDAP (for example, cn=Email,dc=domain and > > cn=Proxy,dc=domain) ? > > Sure attributes can be locked by group membership, connection origin > (hostname), etc... > > > Well, sorry about the big mail, and I'm taking any suggestions!!!!!!! > > > --- > You are currently subscribed to [EMAIL PROTECTED] as: [ > [EMAIL PROTECTED] > To unsubscribe send email to [EMAIL PROTECTED] with the word > UNSUBSCRIBE as the SUBJECT of the message. > > > --- You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
