[ No need to "Cc:" me in replies, just reply to the list.  It is
  unfortunate that mailman moves my address from "From:" to "Reply-To:",
  that's very much not my intent. ]

On Tue, Jul 09, 2024 at 11:50:40AM +1000, hkhk_exact10 wrote:

> > with much additional configuration needed for pam_ldap.
> >
> 
> Can you please provide some details about the configuration for this part.

You'll have to read the documentation for the pam_ldap module, and PAM
in general.  For "saslauthd" just run "saslauthd -a pam" and perhaps
also an override of the socket path if required.

You probably don't need "account" or "session" lines in the
"/etc/pam.d/smtp" file, since it is used only for authentication,
so just the "auth" lines I posted should be enough.

You may also find that it is easier to use "dovecot" auth, rather than
"saslauthd", with dovecot combining system passwords with AD LDAP.  If
you get stuck, after reading the docs and searching the web for
examples, you might ask for help on the dovecot users list.

> As mentioned, I have configured LDAP via saslauthd with the configuration below:
> 
> ]# egrep -v "^#|^$" /etc/sysconfig/saslauthd
> SOCKETDIR=/run/saslauthd
> MECH=ldap
> FLAGS="-O /etc/saslauthd.conf"

You'd change this to delegate all the work to PAM, obviating the need
for saslauthd to know anything about LDAP, so you probably won't
need the file below.

> ]# egrep -v "^#|^$" /etc/saslauthd.conf
> ldap_servers: ldaps://10.1.1.11
> ldap_search_base: xxxxx
> ldap_filter: (sAMAccountName=%u)
> ldap_bind_dn: xxxxxx
> ldap_password:xxxx
> ldap_tls_reqcert: never

You'd have to make corresponding changes in the pam_ldap configuration,
per the manpage, and drop

> # egrep -v "^#|^$" /etc/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login

This part stays unchanged.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
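
A sanity check for the layout described in the message above, as an added example that is not part of the original post or of Postfix/Cyrus SASL. It assumes the sysconfig `MECH` value is what the init script passes to `saslauthd -a`; the function names are hypothetical, and the PAM lines are constructed placeholders, not the "auth" lines posted earlier in the thread.

```python
import re

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, ignoring blank lines and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, _, value = line.partition(sep)
            pairs[key.strip()] = value.strip().strip('"')
    return pairs

def pam_auth_modules(text):
    """Modules named on 'auth' lines, allowing '[...]' controls and a '-' prefix."""
    pat = re.compile(r"^-?auth\s+(?:\[[^\]]*\]|\S+)\s+(\S+)")
    return [m.group(1) for m in map(pat.match, text.splitlines()) if m]

def check(sysconfig, pam_service, smtpd_conf):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    sc = parse_kv(sysconfig, "=")
    if sc.get("MECH") != "pam":
        findings.append("saslauthd MECH is %r, expected 'pam'" % sc.get("MECH"))
    if "-O" in sc.get("FLAGS", "").split():
        findings.append("FLAGS still points at a saslauthd LDAP config (-O)")
    if not pam_auth_modules(pam_service):
        findings.append("PAM service file has no 'auth' lines")
    sasl = parse_kv(smtpd_conf, ":")
    if sasl.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck_method is not saslauthd")
    # saslauthd verifies plaintext passwords, so only PLAIN and LOGIN can work.
    extra = set(sasl.get("mech_list", "").lower().split()) - {"plain", "login"}
    if extra:
        findings.append("mech_list has non-plaintext mechanisms: %s" % sorted(extra))
    return findings

# Constructed samples. BEFORE_SYSCONFIG mirrors the file quoted in the thread.
BEFORE_SYSCONFIG = 'SOCKETDIR=/run/saslauthd\nMECH=ldap\nFLAGS="-O /etc/saslauthd.conf"\n'
AFTER_SYSCONFIG = 'SOCKETDIR=/run/saslauthd\nMECH=pam\nFLAGS=""\n'
# Assumed /etc/pam.d/smtp contents, not the lines posted earlier in the thread.
PAM_SMTP = "auth sufficient pam_unix.so\nauth required pam_ldap.so use_first_pass\n"
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\n"

if __name__ == "__main__":
    print(check(BEFORE_SYSCONFIG, "", SMTPD_CONF))        # three findings
    print(check(AFTER_SYSCONFIG, PAM_SMTP, SMTPD_CONF))   # []
```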
