Michael Strödermichael@stroeder.com schrieb am 13.04.2015 um 22:27 in
Nachricht 552C2695.7060703@stroeder.com:
Ulrich Windl wrote:
Michael Strödermichael@stroeder.com schrieb am 10.04.2015 um 22:47 in
Nachricht 552836EC.3020402@stroeder.com:
Poul Etto wrote:
Thank you for answers...
Michael: We didn't know about it... We need such a structure as each of
our
employees has an account but does not always have access to all our services (and there really are many), so we prefered spliting everything
in
different OUs.
You should use group entries for authorization. I'm also using slapo-memberof which automatically adds back link attribute 'memberOf' to group member entries. This gives you best flexibility with most LDAP enabled applications.
So if you use that approach, can you enable specific groups for saslauthd
per
application (configuration file)? That sounds interesting, but I don't know
how
to do it.
I don't understand your question. What does "enable [..] for saslauthd" means for you?
Hi!
I mean: You create a file like /etc/sasl2/smtpd.conf that contains: # cat smtpd.conf pwcheck_method: saslauthd mech_list: plain login -- If saslauthd is configured to use PAM (-a pam), all users that the PAM module finds are valid users for smptd. My question was whether (and how) one can restrict the possible users from the saslauthd configuration file (like smtpd.conf).
Clear now?
Regards, Ulrich