On Mon, Dec 08, 2003 at 06:17:27PM -0300, [EMAIL PROTECTED] wrote:
> Mainly I want postfix to be able to auth clients against LDAP, so sasl
> --with_ldap seems to be necessary.
> In respect to OpenLDAP authentication, I'm not sure where it will be necessary.
> To allow queries/changes to the LDAP database I use client_host_addr for queries
> and self ACL for changes, so I guess I could leave OpenLDAP without_sasl

That's a kind of mutual dependency that cannot easily be resolved.
opensasl --with_ldap -> use LDAP as backend for verifying credentials
openldap --with_sasl -> authenticate with SASL for accessing LDAP
If you'd specify both, then a SASL client could request data from LDAP but before it
could do so it needs to authenticate with SASL, if that's again using the LDAP method
you create an infinite loop.
Obviously you could think about configurations that avoid the loop, however both
packages also have such a dependency at build time because each package requires
libraries from the other package.
However, for normal setups you don't need that. You use OpenLDAP without with_sasl
but use a simpler authentication method, e.g. a shared secret, possibly with TLS
when the communication between postfix and LDAP is routed over an insecure network.
postfix then offers SASL to the mail clients and uses the "simpler authentication
method" to communicate with LDAP.
Greetings,
--
Michael van Elst
Internet: [EMAIL PROTECTED]
"A potential Snark may lurk in every tree."
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
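
The "normal setup" described in the message above, sketched as configuration. This is an added example, not part of the original mail or of the OpenPKG packages. It assumes Cyrus SASL's saslauthd is run with its LDAP mechanism (`-a ldap`); the host name, DNs, password and CA path are placeholders.

```conf
# ---- Postfix main.cf: offer SASL to the mail clients ----
smtpd_sasl_auth_enable = yes
# PLAIN/LOGIN carry the password in the clear, so only offer AUTH inside TLS.
smtpd_tls_auth_only = yes

# ---- Cyrus SASL smtpd.conf (settings for Postfix's smtpd) ----
# Hand password verification to saslauthd instead of a local database.
pwcheck_method: saslauthd
# saslauthd needs the plaintext password, so only plaintext mechanisms work.
mech_list: plain login

# ---- saslauthd.conf: LDAP as the credential backend ----
ldap_servers: ldap://ldap.example.org/
# Protect the bind password on the wire when the network is not trusted.
ldap_start_tls: yes
ldap_tls_cacert_file: /path/to/ca.pem
ldap_tls_check_peer: yes
# The "simpler authentication method": a plain bind with a shared secret.
ldap_bind_dn: cn=saslauthd,ou=services,dc=example,dc=org
ldap_bind_pw: CHANGE-ME
# Locate the user entry, then verify the password by binding as that entry.
ldap_search_base: ou=people,dc=example,dc=org
ldap_filter: (uid=%u)
ldap_auth_method: bind
# Do not use SASL towards LDAP; this is what keeps the loop from forming.
ldap_use_sasl: no
```

Keep saslauthd.conf readable only by the account that runs saslauthd, since it holds the bind password.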