July 17, 2020 9:39 AM, "Éloi Rivard" <eloi.riv...@aquilenet.fr> wrote:
> Hi,
>
> I have an LDAP table that is working great, but now I would like to avoid clear
> connections and enable SSL. There is an old mail [1] stating that it is not
> possible, but I would like to check if it is still the case 7 years later.
>
> So here is my configuration: smtpd.conf has an LDAP table.
>
> table ldap ldap:/etc/mail/ldap.conf
>
> And /etc/mail/ldap.conf has a very basic configuration:
>
> url ldap://ldap.mydomain.tld
> username cn=admin,dc=mydomain,dc=tld
> password xxxxxxxx
> basedn ou=Users,dc=mydomain,dc=tld
>
> ...
>
> Switching ldap:// to ldaps:// prevents OpenSMTPD from starting. Am I missing
> something or is the feature not implemented yet?
>

Hello,

Nothing has changed because I'm the author of the backend and I don't have an incentive to continue working on it as I've never used it. I thought if I wrote a working ldap backend, someone with actual interest would pick up the work and improve it, but it never happened.

In my opinion, table-ldap from extras is doomed as it relies on a lib that is barely maintained and doing LDAP asynchronously is painful. I doubt the code will go much further than it currently does.

If the table-procexec work I documented on my blog gets pushed to OpenBSD, then it will ease the writing of a table-ldap with a modern library.

Gilles