On Tue, Sep 28, 2010 at 09:15:02AM +0200, Patrick Ben Koetter wrote:

> > This is not "EXTERNAL" support for the Postfix SASL server. Rather,
> > this is "EXTERNAL" support for the Postfix LDAP client, with the LDAP
> > server mapping the TLS client to some suitable authentication identity.
> > 
> > At this time, there is no code in the Postfix SMTP server to process
> > the client Subject DN or subjectAltName list to derive an external
> > identifier for SMTP SASL.
> 
> Yes, I know. I would be interested in LDAP queries to e.g. an OpenLDAP server
> where Postfix as querying instance uses SASL EXTERNAL to authenticate.

Authenticate what? Postfix cannot forge the connecting SMTP client's
private key to convince the LDAP server that it is the client via
"EXTERNAL" auth.

If you are talking about authenticating the Postfix LDAP client, so that
one does not need to specify a "bind_pw", then I'll try to get this done in
the next month or two...

-- 
        Viktor.
