Re: Using LDAP/SSL

2013-06-28 Thread Gilles Chehade
On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
> Hi,
>

Hi,


> I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
> I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
> I have configured the LDAP connection as such:
>   table ldap ldap:/etc/mail/ldapd.conf
> It seems to work; at least to connect. But if I try using ldaps, I get:
>   smtpd: table_create: backend ldaps does not exist


Yes, backend != protocol ;-)

Both ldap and ldaps would be handled by the ldap backend, however... The
ldap backend doesn't support SSL yet.

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

-- 
You received this email because you are subscribed to mailing list: 
misc@opensmtpd.org
To unsubscribe, send mail with subject:
[misc@opensmtpd.org] unregister


Re: Using LDAP/SSL

2013-06-28 Thread Joel Carnat
On 28 June 2013 at 10:07, Gilles Chehade gil...@poolp.org wrote:

> On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
> > Hi,
> >
>
> Hi,
>
>
> > I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
> > I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
> > I have configured the LDAP connection as such:
> >   table ldap ldap:/etc/mail/ldapd.conf
> > It seems to work; at least to connect. But if I try using ldaps, I get:
> >   smtpd: table_create: backend ldaps does not exist
>
>
> Yes, backend != protocol ;-)
>
> Both ldap and ldaps would be handled by the ldap backend, however... The
> ldap backend doesn't support SSL yet.
>

ok :)

So, is there a way to tell smtpd not to try to authenticate, as it's using a
clear-text connection?

Right now, my ldap configuration file contains:
  url ldap://ldap.tumfatig.net
  username cn=user,...
  password mypass

If I comment out username/password, I then get
  smtpd: failed to open table ldap

Thanks.
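The backend/protocol mix-up and the clear-text bind discussed in the two messages above, as an added example (my code, not OpenSMTPD's and not the posters'): a small Python auditor that parses the `table` declaration from smtpd.conf and the ldap backend's key/value file, reports what smtpd would refuse (a `ldaps:` backend name, a `ldaps://` URL, a missing bind identity), and flags the one thing it would accept silently, bind credentials crossing the network unencrypted. Assumed, since the thread does not spell it out: the backend file is plain `key value` lines with `#` comments, the key names are the ones the thread uses (url, username, password), and the constructed bind DN and password are placeholders.

```python
"""Added example, not code from OpenSMTPD or from the thread's authors: a
small auditor for the two things this part of the thread trips over, the
`table` declaration in smtpd.conf and the key/value file the ldap backend
reads.

Assumptions (mine, not stated in the thread): the backend file is a plain
"key value" format, one setting per line, '#' starting a comment, using the
keys seen in the thread (url, username, password); the OpenSMTPD 5.3 ldap
backend speaks only ldap:// (no SSL) and does not bind anonymously.
"""
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed samples mirroring the thread (the bind DN and password are
# placeholders, not the poster's values).
THREAD_DECL = "table ldap ldap:/etc/mail/ldapd.conf"
THREAD_CONF = """\
url ldap://ldap.tumfatig.net
username cn=smtpd,dc=EXAMPLE
password PLACEHOLDER
"""


def parse_table_decl(line):
    """Split `table NAME BACKEND:PATH` into (name, backend, path), or None."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "table":
        return None
    backend, sep, path = parts[2].partition(":")
    return (parts[1], backend, path) if sep else None


def parse_table_ldap(text):
    """Parse the backend's key/value file into a dict (last value wins)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        settings[fields[0]] = fields[1].strip() if len(fields) == 2 else ""
    return settings


def audit(table_decl, backend_conf):
    """Return a list of (severity, message) findings; empty means clean."""
    findings = []
    decl = parse_table_decl(table_decl)
    if decl is None:
        return [("error", "unparseable table declaration")]
    backend = decl[1]
    if backend != "ldap":
        # backend != protocol: the backend is called "ldap" whatever the
        # URL scheme inside its config file says.
        findings.append(("error", "backend %s does not exist; use ldap:" % backend))

    cfg = parse_table_ldap(backend_conf)
    url = urlsplit(cfg.get("url", ""))
    if url.scheme == "ldaps":
        findings.append(("error", "ldaps:// URL, but the ldap backend has no SSL support"))
    elif url.scheme != "ldap":
        findings.append(("error", "url must be ldap://..., got %r" % cfg.get("url", "")))

    if "username" not in cfg or "password" not in cfg:
        findings.append(("error", "no username/password: the backend does not bind "
                                  "anonymously, so smtpd fails to open the table"))
    elif url.scheme == "ldap" and url.hostname not in LOOPBACK_HOSTS:
        # The bind works, but the DN and password cross the network in clear
        # text: keep the directory on the loopback interface, or carry the
        # LDAP traffic inside a tunnel the backend does not need to know about.
        findings.append(("warning", "bind credentials for %s are sent in clear text to %s"
                         % (cfg["username"], url.hostname)))
    return findings


if __name__ == "__main__":
    for severity, msg in audit(THREAD_DECL, THREAD_CONF):
        print(severity + ":", msg)
```

Run as is, it prints the single warning for the thread's own setup: the declaration and URL are fine, the bind succeeds, and the credentials go over the wire unprotected; swapping `ldap:` for `ldaps:` in the declaration, or dropping `username`/`password`, turns that into the errors the thread reports.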


Re: Using LDAP/SSL

2013-06-28 Thread Gilles Chehade
On Fri, Jun 28, 2013 at 11:14:50AM +0200, Emmanuel Thierry wrote:
> Hello,
>
> >
> > No, the ldap backend at the moment doesn't support anonymous binds. Not
> > sure if it is wanted..
> >
>
> Is it up to the developer to take such a decision? ;)
>

Well, let me put some perspective into that:

We have made the table API pluggable precisely so that the question of
what we want or not doesn't prevent people from writing/using their very
own backends whether we like it or not.

Anyone can write an ldap backend that supports random features and there
is everything in place for that person to use and share this backend and
not have to rely on us to do anything.


That being said, two things you should keep in mind:

If you solve an issue in an elegant way, we will probably be ok to merge
upstream. What we don't want is code that adds code to add code. Send us
a diff to ldap that fixes a use-case, make that diff nice, it'll go in.

As far as ldap is concerned, we wanted to verify that it was doable, but
Eric, Charles and I don't use ldap. I made sure it worked on my box with
a local ldap, but there is little will from me to work on that code that
I don't use, unless ...

1- work makes it a top priority;
2- a sudden rise of user requests makes it a top priority;
3- someone/somecompany sponsors work in that area;
4- someone comes up with the code and we only have to review/test ;-)

Other than these, we are pretty much going to work on other tasks that we
prefer ;-)

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: Digging into using LDAP

2013-06-28 Thread Joel Carnat
On 28 June 2013 at 11:44, Gilles Chehade gil...@poolp.org wrote:
> On Fri, Jun 28, 2013 at 11:38:29AM +0200, Joel Carnat wrote:
<snip>
> > /etc/mail/smtpd.conf.local
> >   lan_addr = 192.168.0.218
> >   listen on $lan_addr
> >   table ldap ldap:/etc/mail/ldapd.conf
> >   accept for domain tumfatig.net alias ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/
> >   accept for any relay
<snip>
> either use a virtual mapping, since that will use the full email address
> as the key, or extend the backend to support expansion so that you can
> use %{rcpt} instead of %s

OK, so the configuration line now goes
  accept for domain tumfatig.net virtual ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/
And the postmaster alias is now resolved and delivered (to an external
domain/user name). YeePee !!! :D

BUT :)
I also have accounts on this domain for which I want to deliver mail directly.
For them, the LDAP filter and field are different than for aliases. I have 
tried using credentials_filter and userinfo_filter but this doesn't seem to 
do what I want.
  # Aliases
  alias_filter (&(mail=%s)(objectClass=CourierMailAlias))
  alias_attributes maildrop
  # Account
  userinfo_filter (&(mail=%s)(objectClass=CourierMailAccount))
  userinfo_attributes mailbox

According to the smtpd log, it only looks for objectClass=CourierMailAlias using
the full mail address, then the username, then the domain name, then '@'.

What is the way to tell opensmtpd to:
- first, try to find an alias using (&(mail=%s)(objectClass=CourierMailAlias))
- then, try to find an account using (&(mail=%s)(objectClass=CourierMailAccount))

Thanks for help.
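The lookup sequence reported from the smtpd log above (full address, then username, then domain name, then '@'), replayed as an added example that is neither OpenSMTPD's code nor the poster's: a Python model of the virtual-table lookup over a constructed in-memory directory. It shows why an entry with objectClass=CourierMailAccount is never reached while only alias_filter is consulted, and what an alias-then-account resolution looks like when done outside smtpd. Assumed: entries are dicts of attribute to list of values; the filter matcher handles only (&...), (|...) and (attr=value), which is all the thread's two filters (written here with the & conjunction) need; and the substituted key is RFC 4515-escaped, because a recipient address is untrusted input that must not be able to rewrite the filter.

```python
"""Added example, not OpenSMTPD's own code: replay the lookup sequence that
the message above reports from the smtpd log (full address, then user,
then domain name, then '@') against a constructed in-memory directory.

Assumptions (mine): entries are dicts of attribute -> list of values; the
matcher understands only (&...), (|...) and (attr=value) terms, which is
all the thread's filters use; %s is replaced by the RFC 4515-escaped key.
"""
import re

ALIAS_FILTER = "(&(mail=%s)(objectClass=CourierMailAlias))"
ACCOUNT_FILTER = "(&(mail=%s)(objectClass=CourierMailAccount))"

# Constructed sample directory standing in for the LDAP server in the thread.
DIRECTORY = [
    {"mail": ["postmaster@tumfatig.net"],
     "objectClass": ["CourierMailAlias"],
     "maildrop": ["admin@example.org"]},
    {"mail": ["joel@tumfatig.net"],
     "objectClass": ["CourierMailAccount"],
     "mailbox": ["tumfatig.net/joel/"]},
]

TERM = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")


def escape_filter_value(value):
    """RFC 4515 escaping: a recipient address must not be able to rewrite
    the filter it is substituted into."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def unescape_filter_value(value):
    """Undo escape_filter_value() so escaped keys still compare equal."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def split_terms(s):
    """Split '(a=1)(b=2)' into its top-level parenthesised terms."""
    terms, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                terms.append(s[start:i + 1])
    return terms


def match_filter(filt, entry):
    """Evaluate a filter against one entry; attribute names and values are
    compared case-insensitively, as LDAP does for these attributes."""
    filt = filt.strip()
    if filt[:2] in ("(&", "(|"):
        results = [match_filter(t, entry) for t in split_terms(filt[2:-1])]
        return all(results) if filt[1] == "&" else any(results)
    m = TERM.fullmatch(filt)
    if m is None:
        raise ValueError("unsupported filter: " + filt)
    attr, want = m.group(1).lower(), unescape_filter_value(m.group(2)).lower()
    attrs = {k.lower(): v for k, v in entry.items()}
    return any(v.lower() == want for v in attrs.get(attr, []))


def lookup_keys(addr):
    """Key sequence the thread observed in the smtpd log."""
    user, _, domain = addr.partition("@")
    return [addr, user, domain, "@"]


def virtual_lookup(directory, filter_template, attribute, addr):
    """Try each key in order; return (key that hit, attribute values) or None."""
    for key in lookup_keys(addr):
        filt = filter_template.replace("%s", escape_filter_value(key))
        for entry in directory:
            if match_filter(filt, entry):
                return key, entry.get(attribute, [])
    return None


def resolve(directory, addr):
    """Alias first, then account: the behaviour asked for in the message
    above, done here by the caller rather than by smtpd itself."""
    hit = virtual_lookup(directory, ALIAS_FILTER, "maildrop", addr)
    if hit:
        return "alias", hit[1]
    hit = virtual_lookup(directory, ACCOUNT_FILTER, "mailbox", addr)
    if hit:
        return "account", hit[1]
    return None


if __name__ == "__main__":
    for rcpt in ("postmaster@tumfatig.net", "joel@tumfatig.net", "nobody@tumfatig.net"):
        print(rcpt, "->", virtual_lookup(DIRECTORY, ALIAS_FILTER, "maildrop", rcpt),
              "/", resolve(DIRECTORY, rcpt))
```

With only the alias filter, joel@tumfatig.net walks all four keys and matches nothing, which is the behaviour the log shows; the account entry is only found once a second lookup runs with the CourierMailAccount filter.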