Re: Using LDAP/SSL
On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
> Hi,

Hi,

> I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
> I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
>
> I have configured LDAP connection as such:
> table ldap ldap:/etc/mail/ldapd.conf
>
> It seems to work; at least to connect. But if I try using ldaps, I get:
> smtpd: table_create: backend ldaps does not exist

Yes, backend != protocol ;-)

Both ldap and ldaps would be handled by the ldap backend, however...
The ldap backend doesn't support SSL yet.

--
Gilles Chehade
https://www.poolp.org @poolpOrg

--
You received this email because you are subscribed to mailing list: misc@opensmtpd.org
To unsubscribe, send mail with subject: [misc@opensmtpd.org] unregister
Re: Using LDAP/SSL
On 28 June 2013 at 10:07, Gilles Chehade gil...@poolp.org wrote:

> On Fri, Jun 28, 2013 at 09:57:06AM +0200, Joel Carnat wrote:
>> Hi,
>
> Hi,
>
>> I'm having a(nother) look at OpenSMTPd as a Postfix replacement.
>> I'm using OpenSMTPD 5.3.3 on OpenBSD 5.3/i386.
>>
>> I have configured LDAP connection as such:
>> table ldap ldap:/etc/mail/ldapd.conf
>>
>> It seems to work; at least to connect. But if I try using ldaps, I get:
>> smtpd: table_create: backend ldaps does not exist
>
> Yes, backend != protocol ;-)
>
> Both ldap and ldaps would be handled by the ldap backend, however...
> The ldap backend doesn't support SSL yet.

ok :)
So, is there a way to tell smtpd to not try to authenticate as it's using clear-text connection?
Right now, my ldap configuration file contains:

    url ldap://ldap.tumfatig.net
    username cn=user,...
    password mypass

If I comment username/password, I then get

    smtpd: failed to open table ldap

Thanks.
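The situation in the message above (a bind DN and password configured against a plain `ldap://` URL) can be checked for mechanically. This is an added example, not part of the original post and not OpenSMTPD code; it uses only the `url`, `username` and `password` keys quoted in the thread, and the whitespace-separated layout, the sample values and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample; whitespace-separated "key value" pairs and '#' comments
# are an assumption about the table file layout.
SAMPLE_CONF = """\
# constructed directory settings
url       ldap://ldap.example.org
username  cn=smtpd,dc=example,dc=org
password  constructed-secret
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_table_conf(text):
    """Return {key: value} for every non-comment 'key value' line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        conf[parts[0]] = parts[1] if len(parts) == 2 else ""
    return conf


def audit_bind(conf):
    """Describe how the bind credentials in this table file would travel."""
    findings = []
    url = urlparse(conf.get("url", ""))
    has_creds = bool(conf.get("username")) and bool(conf.get("password"))
    if url.scheme == "ldaps":
        findings.append("ldaps:// url: the backend in this thread has no SSL support")
    elif url.scheme == "ldap" and has_creds:
        if url.hostname in LOOPBACK:
            findings.append("cleartext bind confined to loopback")
        else:
            findings.append("cleartext bind to %s: DN and password cross "
                            "the network unencrypted" % url.hostname)
    if not has_creds:
        findings.append("no bind credentials: the thread reports the table fails to open")
    return findings


if __name__ == "__main__":
    for finding in audit_bind(parse_table_conf(SAMPLE_CONF)):
        print("FINDING:", finding)
```

With the backend as described in this thread, keeping the directory on loopback or reaching it through an encrypted tunnel is what keeps the bind off the wire.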
Re: Using LDAP/SSL
On Fri, Jun 28, 2013 at 11:14:50AM +0200, Emmanuel Thierry wrote:
> Hello,
>
>> No, the ldap backend at the moment doesn't support anonymous binds.
>> Not sure if it is wanted..
>
> Is it up to the developer to take such a decision? ;)

Well, let me put some perspective into that:

We have made the table API pluggable precisely so that the question of what we want or not doesn't prevent people from writing/using their very own backends whether we like it or not. Anyone can write a ldap backend that supports random feature and there is everything in place for that person to use and share this backend and not have to rely on us to do anything.

That being said, two things you should keep in mind:

If you solve an issue in an elegant way, we will probably be ok to merge upstream. What we don't want is code that adds code to add code. Send us a diff to ldap that fixes a use-case, make that diff nice, it'll go in.

As far as ldap is concerned, we wanted to verify that it was doable, but Eric, Charles and I don't use ldap. I made sure it worked on my box with a local ldap, but there is little will from me to work on that code that I don't use, unless ...

1- work makes it a top priority;
2- a sudden rise of user requests makes it a top priority;
3- someone/somecompany sponsors work in that area;
4- someone comes up with the code and we only have to review/test ;-)

Other than these, we are pretty much going to work on other tasks that we prefer ;-)

--
Gilles Chehade
https://www.poolp.org @poolpOrg
Re: Digging into using LDAP
On 28 June 2013 at 11:44, Gilles Chehade gil...@poolp.org wrote:

> On Fri, Jun 28, 2013 at 11:38:29AM +0200, Joel Carnat wrote:
>> snip
>> /etc/mail/smtpd.conf.local
>> lan_addr = 192.168.0.218
>> listen on $lan_addr
>> table ldap ldap:/etc/mail/ldapd.conf
>> accept for domain tumfatig.net alias ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/
>> accept for any relay
>> snip
>
> either use a virtual mapping, since that will use the full email address as the key, or extend the backend to support expansion so that you can use %{rcpt} instead of %s

OK, so the configuration line now goes

    accept for domain tumfatig.net virtual ldap deliver to maildir /home/vmail/%{rcpt.domain}/%{rcpt.user}/

And the postmaster alias is now resolved and delivered (to an external domain/user name). YeePee !!! :D

BUT :)
I also have accounts on this domain for which I want to deliver mail directly. For them, the LDAP filter and field are different than for aliases. I have tried using credentials_filter and userinfo_filter but this doesn't seem to do what I want.

    # Aliases
    alias_filter ((mail=%s)(objectClass=CourierMailAlias))
    alias_attributes maildrop
    # Account
    userinfo_filter ((mail=%s)(objectClass=CourierMailAccount))
    userinfo_attributes mailbox

According to smtpd log, it only looks for objectClass=CourierMailAlias using full mail, then username, then domain name, then '@'.

What is the way to tell opensmtpd to:
- first, try to find an alias using ((mail=%s)(objectClass=CourierMailAlias))
- then, try to find an account using ((mail=%s)(objectClass=CourierMailAccount))

Thanks for help.