Yes, you're right, I don't know why I didn't think about it before; that's
what I'm gonna do.
Still, handling the proxy at SASL level seems to be more rational to me.
How would I handle this situation if one of the authentication
repositories wasn't an LDAP server, but for example a SQL server?
Having a "proxy by domain" feature built into Cyrus SASL would be nice...
On 25/03/2017 16:36, Thomas Harding wrote:
Why not use an OpenLDAP instance as proxy?
On 25 March 2017 09:42:37 GMT+01:00, Chentao Credungtao via Cyrus-sasl <cyrus-sasl@xxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
I need to set up Postfix authentication against multiple (3) OpenLDAP servers.
I managed to run 3 instances of SASL, each one authenticating against one of the 3 servers:
First instance, authenticating against the first LDAP server (example.com):
# testsaslauthd -f /var/run/saslauthd-com/mux -u john.doe@xxxxxxxxxxx -p password1
0: OK "Success."
Second instance, authenticating against the second LDAP server (example.net):
# testsaslauthd -f /var/run/saslauthd-net/mux -u jane.doe@xxxxxxxxxxx -p password2
0: OK "Success."
Third instance, authenticating against the third LDAP server (example.org):
# testsaslauthd -f /var/run/saslauthd-org/mux -u jimmy.doe@xxxxxxxxxxx -p password3
0: OK "Success."
The problem: it seems Postfix can only authenticate against one running instance of SASL.
Is it possible to set up some kind of a SASL proxy, that forwards each authentication request to another SASL instance, depending on the e-mail domain?
Something like:
# testsaslauthd -f /var/run/saslauthd-proxy/mux -u john.doe@xxxxxxxxxxx -p password1
==> should be forwarded to /var/run/saslauthd-com
# testsaslauthd -f /var/run/saslauthd-proxy/mux -u jane.doe@xxxxxxxxxxx -p password2
==> should be forwarded to /var/run/saslauthd-net
# testsaslauthd -f /var/run/saslauthd-proxy/mux -u jimmy.doe@xxxxxxxxxxx -p password2
==> should be forwarded to /var/run/saslauthd-org
Thanks (any other idea to approach this problem is welcome)
Chen
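The "proxy by domain" idea from the question above, as an added example that is not code from anyone in this thread nor part of Cyrus SASL: a small Python router that speaks the saslauthd mux wire format (four uint16-length-prefixed fields: login, password, service, realm; reply is one length-prefixed "OK ..."/"NO ..." string), picks the backend socket from the login's domain, relays the raw request unchanged, and refuses unknown domains locally so the password is never sent to a guessed backend. The domain-to-socket mapping and the "NO unknown domain" reply text are assumptions.

```python
import socket
import struct

# Domain -> backend saslauthd mux socket. Paths come from the question;
# the mapping itself is constructed for this example.
BACKENDS = {
    "example.com": "/var/run/saslauthd-com/mux",
    "example.net": "/var/run/saslauthd-net/mux",
    "example.org": "/var/run/saslauthd-org/mux",
}

def parse_request(buf):
    """Split a mux request into (login, password, service, realm)."""
    fields, pos = [], 0
    for _ in range(4):  # each field: uint16 big-endian length, then bytes
        (n,) = struct.unpack_from(">H", buf, pos)
        fields.append(buf[pos + 2:pos + 2 + n].decode())
        pos += 2 + n
    return tuple(fields)

def encode_request(login, password, service, realm):
    """Build a request in the same wire format testsaslauthd sends."""
    out = b""
    for f in (login, password, service, realm):
        data = f.encode()
        out += struct.pack(">H", len(data)) + data
    return out

def choose_backend(login, realm):
    """Backend for the login's domain part (falling back to the realm);
    None for an unknown domain so nothing is relayed to a guessed backend."""
    domain = login.rpartition("@")[2] if "@" in login else realm
    return BACKENDS.get(domain.lower())

def forward(request, backend_path):
    """Relay the raw request to one backend mux socket and return its reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(backend_path)
        s.sendall(request)
        f = s.makefile("rb")  # buffered: read(n) blocks until n bytes or EOF
        (n,) = struct.unpack(">H", f.read(2))
        return f.read(n).decode()

def handle(request):
    """Route one request; unknown domains get a NO reply without any relay."""
    login, _, _, realm = parse_request(request)
    backend = choose_backend(login, realm)
    return "NO unknown domain" if backend is None else forward(request, backend)
```

A deployment would wrap handle() in an accept loop on the proxy's own mux socket (e.g. /var/run/saslauthd-proxy/mux from the question) and write the reply back length-prefixed; that listener is left out here.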