Hi! On Tue, Jul 7, 2009 at 3:16 PM, Victor Duchovni < [email protected]> wrote:
> On Mon, Jul 06, 2009 at 09:36:17PM +0200, Patrick Ben Koetter wrote: > > > * Terry L. Inzauro <[email protected]>: > > > What is the recommended and most scalable method for implementing SMTP > Auth > > > against OpenLDAP that currently manages all IMAP accounts? > > > > Cyrus SASL ldapdb plugin: > > > > The ldapdb auxprop plugin provides access to credentials stored in an > > OpenLDAP LDAP server. It is the only plugin that implements proxy > > authorization. > > > > Proxy authorization in this context means: The ldapdb plugin must SASL > > authenticate with the OpenLDAP server. The server then decides if the > > ldapdb plugin should be authorized to read the authenticating users > > password. > > > > Once the ldapdb plugin has gone through proxy authorization it may > proceed > > and authenticate the submitted credentials. > > Is there another plugin which authenticates users by binding to LDAP > *as the user*, and using the success/failure of that to decide whether > a user's password is valid? > > This could perhaps also be accomplished via a suitable PAM stack or via > indirect mechanisms such as "rimap" or dovecot auth. I actually use: postfix -- SASL --> dovecot -- PAM --> LDAP There is no particular reason why you can't do: postfix --> dovecot --> LDAP You just need to check dovecot's documentation, I used pam because I was already using it. Ildefonso Camargo > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:[email protected]?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly. >
