Hi all,

The short version: I want LDAP server authenticity to Postfix without
Postfix authenticity to LDAP.

The long version:

I wanted my Postfix to look up recipients and mail aliases in my LDAP DB.
The ldap_table(5) man page states a parameter 'tls_key' which is confusing.
I thought that the private server key for the LDAP host is to be secret
(that is, is to remain on my LDAP host and not be given away to clients
such as Postfix)?? Reading a bit more, there is a parameter 'tls_cert'
which shall point to a 'client certificate'. So I presume that 'tls_key'
is to point to a *client* key, am I right? If that's the case, how can
I turn this off? The man page says this parameter is mandatory, but
there is no point having Postfix authenticated to LDAP since LDAP does
not reveal any secrets by the DN that Postfix uses to bind to LDAP anyway.

Another option would be to turn off TLS altogether, but that refutes
the purpose of TLS, doesn't it?

Thanks.

Regards,
Winston Smith
