[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: Re: Help: LDAP using alias to reference value of another attribute

To: <openldap-technical@openldap.org>,<michael@stroeder.com>
Subject: Antw: Re: Help: LDAP using alias to reference value of another attribute
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Tue, 14 Apr 2015 10:59:24 +0200
Content-disposition: inline
In-reply-to: <552CC4FF.4060600@stroeder.com>
References: <CAGCN28dL17hcuz3e3UHMkD94_r+xrmX7U=F4qn0pjs9OXPCu8Q@mail.gmail.com> <5526B4CE.6030900@stroeder.com> <CAGCN28fH0PT-Qpk1Mr-6iOHfmCr0QuR-Egzsyve98=OgvOaXWw@mail.gmail.com> <552836EC.3020402@stroeder.com> <552B804E020000A100019CAF@gwsmtp1.uni-regensburg.de> <552C2695.7060703@stroeder.com> <552CCC94020000A100019CDD@gwsmtp1.uni-regensburg.de> <552CC4FF.4060600@stroeder.com>

>>> Michael Ströder<michael@stroeder.com> schrieb am 14.04.2015 um 09:42 in
Nachricht <552CC4FF.4060600@stroeder.com>:
> Ulrich Windl wrote:
>> I mean: You create a file like /etc/sasl2/smtpd.conf that contains:
>> # cat smtpd.conf
>> pwcheck_method: saslauthd
>> mech_list: plain login
>> --
>> If saslauthd is configured to use PAM (-a pam), all users that the PAM 
> module
>> finds are valid users for smptd. My question was whether (and how) one can
>> restrict the possible users from the saslauthd configuration file (like
>> smtpd.conf).
> 
> Hmm, if you don't want all your PAM system users to be valid e-mail users 
> then 
> simply don't use PAM. Sometimes one should rethink the software stack if 
> requirements get more clear. smtpd sounds like postfix which has very 
> flexible 
> LDAP support.
> 
> Depending on the PAM/NSS system you're using there could be group authz 
> mechs 
> there too. But you did not provide enough information to really think about

> this. Personally I prefer to directly use the LDAP features of the software

> used.

Hi!

The advantage of the PAM configuration seems to be that you only have to
describe your LDAP structure once, and not for every application.  I thought
there might by a method to restict the accepted users from the sasl
configuration file, but it seems there is none.

Thanks!

Ulrich

Follow-Ups:
- Re: Help: LDAP using alias to reference value of another attribute
  - From: Michael Ströder <michael@stroeder.com>

References:
- Help: LDAP using alias to reference value of another attribute
  - From: Poul Etto <zepouletto@gmail.com>
- Re: Help: LDAP using alias to reference value of another attribute
  - From: Michael Ströder <michael@stroeder.com>
- Re: Help: LDAP using alias to reference value of another attribute
  - From: Poul Etto <zepouletto@gmail.com>
- Re: Help: LDAP using alias to reference value of another attribute
  - From: Michael Ströder <michael@stroeder.com>
- Antw: Re: Help: LDAP using alias to reference value of another attribute
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Help: LDAP using alias to reference value of another attribute
  - From: Michael Ströder <michael@stroeder.com>
- Re: Antw: Re: Help: LDAP using alias to reference value of another attribute
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Help: LDAP using alias to reference value of another attribute
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Help: LDAP using alias to reference value of another attribute
Next by Date: Re: Help: LDAP using alias to reference value of another attribute
Index(es):
- Chronological
- Thread