>> Michael Ströder <michael(a)stroeder.com> wrote on 14.04.2015 at 09:42 in
message <552CC4FF.4060600(a)stroeder.com>:
Ulrich Windl wrote:
> I mean: You create a file like /etc/sasl2/smtpd.conf that contains:
> # cat smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
> --
> If saslauthd is configured to use PAM (-a pam), all users that the PAM module
> finds are valid users for smtpd. My question was whether (and how) one can
> restrict the possible users from the saslauthd configuration file (like
> smtpd.conf).
Hmm, if you don't want all your PAM system users to be valid e-mail users then
simply don't use PAM. Sometimes one should rethink the software stack if
requirements get more clear. smtpd sounds like postfix which has very flexible
LDAP support.

Depending on the PAM/NSS system you're using there could be group authz mechs
there too. But you did not provide enough information to really think about
this. Personally I prefer to directly use the LDAP features of the software
used.
Hi!
The advantage of the PAM configuration seems to be that you only have to
describe your LDAP structure once, and not for every application. I thought
there might be a method to restrict the accepted users from the sasl
configuration file, but it seems there is none.
Thanks!
Ulrich
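
A group restriction applied at the PAM layer, the kind of "group authz" Michael mentions, shown as an added example that is not part of the original thread. It assumes the MTA is Postfix (whose smtpd passes the PAM service name "smtp" to saslauthd by default), a hypothetical group named "mailusers", and a distribution whose shared stacks are called common-auth and common-account.

```conf
# /etc/pam.d/smtp  (constructed example, not from the thread)
# The file name must match the service name the application hands to
# saslauthd; "smtp" is assumed here.

# Unrestricted form: every account PAM can resolve may use SMTP AUTH.
#   auth     include   common-auth
#   account  include   common-account

# Restricted form: the group check runs first in both stacks, so an account
# outside "mailusers" (hypothetical group) is rejected even with a valid
# password.
auth     required  pam_succeed_if.so  user ingroup mailusers quiet_success
auth     include   common-auth
account  required  pam_succeed_if.so  user ingroup mailusers quiet_success
account  include   common-account
```

The restriction can be checked without involving the MTA by running `testsaslauthd -u USER -p PASSWORD -s smtp` once for a group member and once for a non-member.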