December 1, 2020 1:30 PM, "Aisha Tammy" <openbsd.m...@aisha.cc> wrote:

> On 12/1/20 1:31 AM, Martijn van Duren wrote:
> 
>> Hello,
>> 
>> There is table_ldap in the opensmtpd-extras package, but I've never used
>> it, it's undocumented and I've heard that the author sees it as a proof
>> of concept only at this point. So no idea how far this will take you,
>> but it's your best shot. :-)
>> 

This is based on the aldap.[ch] OpenBSD client, unfortunately the author is
missing in action and the code lacks support for several features that have
been requested over and over.

The backend as is works for common use-cases ... on a local LDAP server, no
TLS and no leaf referencing a remote LDAP server. To add support for these,
I'd have to actually add support in the aldap client which is not something
I want to do as it's unpleasant and I don't even use LDAP to start with :-)


> Is the table-procexec a viable alternative?
> You can create shell wrappers to call ldap functions
> and then call the shell wrappers from procexec with
> the correct parameters.
> This seems very possible, assuming table-procexec is usable.
> Last time I checked, procexec didn't have a lot of documentation.
> 

The table-procexec is just a proof-of-concept to show that table API would
be better if it went the procexec way. It does work but it's not polished,
can't pass a configuration down to a procexec table backend and requires a
table-procexec instance for each procexec backend which is not elegant.

Switching table API to procexec in OpenSMTPD would require help upstream.
