On Mon, Sep 27, 2010 at 11:09:04PM +0200, Patrick Ben Koetter wrote:

> * Christian Rößner <c...@roessner-network-solutions.com>:
> > It works!
>
> Probably OT for this list and better suited for the developers list, but does
> it still work without any errors? Having EXTERNAL available in LDAP queries
> would be quite nice - you get TLS, authentication and authorization at once.
>
> Could this become part of Postfix if it works? I'd volunteer to add some
> documentation to SASL_README if that is the right place besides ldap_table(5).

This is not "EXTERNAL" support for the Postfix SASL server. Rather, this
is "EXTERNAL" support for the Postfix LDAP client, with the LDAP server
mapping the TLS client to some suitable authentication identity.

At this time, there is no code in the Postfix SMTP server to process
the client Subject DN or subjectAltName list to derive an external
identifier for SMTP SASL.

--
Viktor.