>
> with much additional configuration needed for pam_ldap.
>
Can you please provide some details about the configuration for this part.
As mentioned, I have configure ldap via saslauthd by below configurations
]# egrep -v "^#|^$" /etc/sysconfig/saslauthd
SOCKETDIR=/run/saslauthd
MECH=ldap
FLAGS="-O /etc/saslauthd.conf"
]# egrep -v "^#|^$" /etc/saslauthd.conf
ldap_servers: ldaps://10.1.1.11
ldap_search_base: xxxxx
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: xxxxxx
ldap_password:xxxx
ldap_tls_reqcert: never
# egrep -v "^#|^$" /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
On Mon, Jul 8, 2024 at 5:13 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> On Mon, Jul 08, 2024 at 08:39:54AM +0200, Patrick Ben Koetter via
> Postfix-users wrote:
>
> > > I want to setup SMTP authentication in such a way that the user
> > > should first be looked locally (/etc/passwd) and then in AD. Is it
> > > possible to do so? I was able to configure AD auth via sasl (cyrus),
> > > but couldn't do both.
> >
> > Cyrus SASL is able to use saslauthd in order to authenticate users in
> > /etc/passwd.
>
> If saslauthd is configured to use "pam" authentication ("saslauthd -a
> pam"),
> then it should be possible to create a PAM config that uses either
> "pam_unix" or "pam_ldap" in that order. Something like:
>
> /etc/pam.d/smtp
> auth sufficient pam_unix.so
> auth requisite pam_ldap.so use_first_pass
> ...
>
> with much additional configuration needed for pam_ldap.
>
> --
> Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
