
Re: Antw: Re: Help: LDAP using alias to reference value of another attribute



>>> Michael Ströder<michael@stroeder.com> wrote on 13.04.2015 at 22:27 in
message <552C2695.7060703@stroeder.com>:
> Ulrich Windl wrote:
>>>>> Michael Ströder<michael@stroeder.com> wrote on 10.04.2015 at 22:47 in
>> message <552836EC.3020402@stroeder.com>:
>>> Poul Etto wrote:
>>>> Thank you for answers...
>>>>
>>>> Michael: We didn't know about it... We need such a structure as each of our
>>>> employees has an account but does not always have access to all our
>>>> services (and there really are many), so we preferred splitting everything in
>>>> different OUs.
>>>
>>> You should use group entries for authorization. I'm also using slapo-memberof
>>> which automatically adds back link attribute 'memberOf' to group member
>>> entries. This gives you best flexibility with most LDAP enabled
>>> applications.
>>
>> So if you use that approach, can you enable specific groups for saslauthd per
>> application (configuration file)? That sounds interesting, but I don't know how
>> to do it.
> 
> I don't understand your question. What does "enable [..] for saslauthd" mean
> for you?

Hi!

I mean: You create a file like /etc/sasl2/smtpd.conf that contains:
# cat smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
--
If saslauthd is configured to use PAM (-a pam), all users that the PAM module
finds are valid users for smtpd. My question was whether (and how) one can
restrict the possible users from the saslauthd configuration file (like
smtpd.conf).

Clear now?

Regards,
Ulrich