Re: Azure Active Directory

2016-12-03 Thread

On 12/2/16 4:32 PM, Petri Riihikallio wrote:
>> As long as saslauthd can bind against it like a regular Active Directory
>> (=LDAP) server, it should work without special configuration inside
>> postfix.
>
> Does Azure AD support LDAP?

Yes.






Re: Azure Active Directory

2016-12-02 Thread Petri Riihikallio
> As long as saslauthd can bind against it like a regular Active Directory
> (=LDAP) server, it should work without special configuration inside
> postfix.

Does Azure AD support LDAP? At least in the beginning it didn’t, but I haven’t 
come across a definitive answer. There is a new RESTful API called Azure AD 
Graph. (If I have understood correctly, the MS LDAP implementation didn’t scale 
well to Azure proportions.)

(I’m sorry I am late to the party.)
-- 
Cheers
Petri
GSM +358 400 505 939




Re: Azure Active Directory

2016-11-30 Thread Sven Schwedas
On 2016-11-30 09:35, mar...@skjoldebrand.eu wrote:
> 2016-11-29 18:25, Viktor Dukhovni wrote:
>>> On Nov 29, 2016, at 5:55 AM, Sven Schwedas wrote:
>>>
>>> As long as saslauthd can bind against it like a regular Active Directory
>>> (=LDAP) server, it should work without special configuration inside
>>> postfix.
>>
>> But the packets are unlikely to stay behind corporate firewalls, so one
>> would definitely want to make sure that the traffic is encrypted.
>> Otherwise, validating cleartext passwords over an unencrypted LDAP
>> connection is generally unwise.
> 
> Indeed - very unwise.

Cyrus saslauthd and recent-ish Windows Server versions (and Azure AD)
can handle TLS, and connect fine over $favourite_vpn_solution, I'm not
sure what else you'd need.

> Well, maybe I dare look into this in the future. I've made various web
> services talk to LDAP/Active Directory in the past, but never Postfix.
> Will have to find documentation on the process.

http://www.postfix.org/SASL_README.html

That's basically it: Set up your favourite SASL solution (I'm using
cyrus saslauthd with regular, non-Azure, Active Directory) against your
ADDCs, then just configure Postfix to use it.


-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwe...@tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
https://pave.software – PAVE Password Manager
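
An added example, not part of any message in this thread: a small Python check for the concern raised above about validating passwords over unencrypted LDAP. It audits a saslauthd.conf for the LDAP mechanism; the option names are Cyrus saslauthd's, while the hostnames, paths and both sample files are constructed for illustration.

```python
"""Audit a saslauthd.conf (LDAP mechanism) for cleartext or unverified binds."""
from urllib.parse import urlsplit

TRUE = {"yes", "on", "true", "1"}  # docs use yes/no; the rest are accepted as an assumption
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means these checks found no issue."""
    conf = parse_conf(text)
    start_tls = conf.get("ldap_start_tls", "no").lower() in TRUE        # default: no
    check_peer = conf.get("ldap_tls_check_peer", "no").lower() in TRUE  # default: no
    findings, uses_tls = [], False
    for uri in conf.get("ldap_servers", "ldap://localhost/").split():
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme == "ldaps" or (scheme == "ldap" and start_tls):
            uses_tls = True
        elif scheme == "ldap" and parts.hostname not in LOOPBACK:
            findings.append(f"{uri}: cleartext bind, use ldaps:// or ldap_start_tls: yes")
    if uses_tls and not check_peer:
        findings.append("ldap_tls_check_peer is not yes: server certificate is not verified")
    return findings

# Constructed sample files (hostnames and paths are placeholders).
WEAK = """\
ldap_servers: ldap://dc1.example.com/ ldaps://dc2.example.com/
ldap_search_base: dc=example,dc=com
ldap_filter: (sAMAccountName=%u)
"""
HARDENED = """\
ldap_servers: ldaps://dc1.example.com/ ldaps://dc2.example.com/
ldap_search_base: dc=example,dc=com
ldap_filter: (sAMAccountName=%u)
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/ca-certificates.crt
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```
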





Re: Azure Active Directory

2016-11-30 Thread martin

2016-11-29 18:25, Viktor Dukhovni wrote:
>> On Nov 29, 2016, at 5:55 AM, Sven Schwedas wrote:
>>
>> As long as saslauthd can bind against it like a regular Active Directory
>> (=LDAP) server, it should work without special configuration inside
>> postfix.
>
> But the packets are unlikely to stay behind corporate firewalls, so one
> would definitely want to make sure that the traffic is encrypted.
> Otherwise, validating cleartext passwords over an unencrypted LDAP
> connection is generally unwise.

Indeed - very unwise.
Well, maybe I dare look into this in the future. I've made various web
services talk to LDAP/Active Directory in the past, but never Postfix.
Will have to find documentation on the process.


Thanks,

Martin S


Re: Azure Active Directory

2016-11-29 Thread Viktor Dukhovni

> On Nov 29, 2016, at 5:55 AM, Sven Schwedas wrote:
> 
> As long as saslauthd can bind against it like a regular Active Directory
> (=LDAP) server, it should work without special configuration inside
> postfix.

But the packets are unlikely to stay behind corporate firewalls, so one
would definitely want to make sure that the traffic is encrypted.
Otherwise, validating cleartext passwords over an unencrypted LDAP
connection is generally unwise.

-- 
Viktor.



Re: Azure Active Directory

2016-11-29 Thread Sven Schwedas
On 2016-11-29 10:41, mar...@skjoldebrand.eu wrote:
> Today my mail server uses MySQL as a backend to keep all users/pw's
> which is fine as far as that goes.
> However, has anyone tried using Windows Azure Active Directory as
> an authentication backend - any hints/pointers etc to this.

As long as saslauthd can bind against it like a regular Active Directory
(=LDAP) server, it should work without special configuration inside
postfix.

> Might be lacking googlefu again - if so apologies.
> 
> /Martin S

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwe...@tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
https://pave.software – PAVE Password Manager


