Hello,

First, happy new year!

I have an SMTPS server with SASL user authentication based on LDAP access/search. I have some trouble with the LDAP server, so the SMTPS service is sometimes down because the LDAP service is unreachable.

I would like to add a rescue/secondary backend with a MySQL table to let users authenticate even if LDAP is unreachable:
first LDAP access and, if the service failed, second MySQL access.

How can I do that with PAM (pam_ldap + pam_mysql)?
Thank you for any help or sample config files.


Here are my configuration files:


main.cf :

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/certs/smtp.crt
smtpd_tls_key_file=/etc/postfix/certs/smtp.key
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_use_tls=yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

-----

/etc/postfix/sasl/smtpd.conf :

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allow_plaintext: true

----

/etc/default/saslauthd :

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

-----

/etc/saslauthd.conf :

ldap_servers: ldap://ldap.univ-lille3.fr
ldap_bind_dn: cn=crir,ou=ldapusers,dc=univ-lille3,dc=fr
ldap_password: xxxxxxxxxxxx
ldap_search_base: ou=people,dc=univ-lille3,dc=fr
ldap_filter: eduPersonPrincipalName=%U
ldap_password_attr: userPassword
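
One way to express "LDAP first, MySQL only when LDAP is unreachable" in PAM, as an added example that is not part of the original post. The MySQL host, database, table, column names and credentials are constructed placeholders, and the stack assumes that saslauthd looks up the PAM service `smtp` for Postfix and that pam_ldap reports an unreachable server as PAM_AUTHINFO_UNAVAIL.

```conf
# /etc/default/saslauthd (only the changed line): hand verification to PAM
MECHANISMS="pam"

# /etc/pam.d/smtp (assumed PAM service name for Postfix SMTP AUTH)
# Keep this file root-owned and mode 0600: it holds the MySQL password.
#
# Control values on the pam_ldap lines:
#   success=done            LDAP accepted the password, stop here
#   authinfo_unavail=ignore LDAP could not be contacted, fall through to MySQL
#   default=die             anything else (wrong password, unknown user)
#                           fails immediately and MySQL is never consulted
auth    [success=done authinfo_unavail=ignore default=die] pam_ldap.so
auth    required pam_mysql.so host=localhost db=mailauth user=pam_ro passwd=CHANGE_ME table=users usercolumn=login passwdcolumn=pw_hash crypt=1

# saslauthd also runs the account phase, so it needs the same fallback.
account [success=done authinfo_unavail=ignore default=die] pam_ldap.so
account required pam_mysql.so host=localhost db=mailauth user=pam_ro passwd=CHANGE_ME table=users usercolumn=login passwdcolumn=pw_hash crypt=1

# Weaker variant, shown for contrast and left commented out:
# "sufficient" also falls through to MySQL when LDAP is up and rejects the
# password, so a stale or weaker password stored in MySQL would still work.
# auth    sufficient pam_ldap.so
# auth    required   pam_mysql.so host=localhost db=mailauth ...
```

saslauthd can only verify plaintext passwords, so only the PLAIN and LOGIN entries of `mech_list` can be served through this path.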


