a proxy for multiple sasl instances

Chentao Credungtao chentaocredungtao at yahoo.com
Sun Mar 26 02:45:09 EDT 2017


Yes, you're right, don't know why I didn't think about it before, that's 
what I'm gonna do

Still, handling the proxy at SASL level seems to be more rational to me. 
How would I handle this situation if one of the authentication 
repositories wasn't an LDAP server, but for example a SQL server ? 
Having a "proxy by domain" feature built into Cyrus SASL would be nice...


On 25/03/2017 16:36, Thomas Harding wrote:
> Why not use an OpenLDAP instance as a proxy?
>
> On 25 March 2017 09:42:37 GMT+01:00, Chentao Credungtao via Cyrus-sasl <cyrus-sasl at lists.andrew.cmu.edu> wrote:
>> Hi,
>>
>> I need to set up Postfix authentication against multiple (3) OpenLDAP
>> servers.
>>
>> I managed to run 3 instances of SASL, each one authenticating against
>> one of the 3 servers :
>>
>> First instance, authenticating against the first LDAP server
>> (example.com) :
>> # testsaslauthd -f /var/run/saslauthd-com/mux -u john.doe@example.com -p password1
>> 0: OK "Success."
>>
>> Second instance, authenticating against the second LDAP server
>> (example.net) :
>> # testsaslauthd -f /var/run/saslauthd-net/mux -u jane.doe@example.net -p password2
>> 0: OK "Success."
>>
>> Third instance, authenticating against the third LDAP server
>> (example.org) :
>> # testsaslauthd -f /var/run/saslauthd-org/mux -u jimmy.doe@example.org -p password3
>> 0: OK "Success."
>>
>> The problem : it seems Postfix can only authenticate against one
>> running instance of SASL.
>>
>>
>> Is it possible to set up some kind of a SASL proxy, that forwards each
>> authentication-request to another SASL instance, depending on the
>> e-mail domain ?
>> Something like :
>>
>> # testsaslauthd -f /var/run/saslauthd-proxy/mux -u john.doe@example.com -p password1
>> ==> should be forwarded to /var/run/saslauthd-com
>>
>> # testsaslauthd -f /var/run/saslauthd-proxy/mux -u jane.doe@example.net -p password2
>> ==> should be forwarded to /var/run/saslauthd-net
>>
>> # testsaslauthd -f /var/run/saslauthd-proxy/mux -u jimmy.doe@example.org -p password2
>> ==> should be forwarded to /var/run/saslauthd-org
>>
>> Thanks (any other idea to approach this problem is welcome)
>>
>> Chen
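
The routing decision such a per-domain proxy would make, as an added example that is not code from this thread or from Cyrus SASL. It assumes the saslauthd socket request is four fields (login, password, service, realm), each prefixed with a 2-byte big-endian length; the function names and the `MAX_FIELD` cap are hypothetical, and the socket paths are the ones quoted above.

```python
import struct

# Domain -> backend saslauthd socket; paths as quoted in the thread.
BACKENDS = {
    "example.com": "/var/run/saslauthd-com/mux",
    "example.net": "/var/run/saslauthd-net/mux",
    "example.org": "/var/run/saslauthd-org/mux",
}
MAX_FIELD = 256  # assumed per-field cap so a bad length cannot drive parsing

def encode_request(login, password, service=b"smtp", realm=b""):
    """Build a request frame (used here only to construct sample input)."""
    fields = (login, password, service, realm)
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)

def decode_request(frame):
    """Split a frame into (login, password, service, realm), strictly."""
    fields, offset = [], 0
    for _ in range(4):
        if offset + 2 > len(frame):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if size > MAX_FIELD or offset + size > len(frame):
            raise ValueError("bad field length")
        fields.append(frame[offset:offset + size])
        offset += size
    if offset != len(frame):
        raise ValueError("trailing bytes after realm")
    return tuple(fields)

def route(frame):
    """Return the backend socket path for this request, or None.

    None means the proxy should answer NO itself: an unknown domain is
    never forwarded to a default backend.
    """
    login, _password, _service, realm = decode_request(frame)
    # The domain arrives either inside the login (user@domain) or as realm.
    domain = login.rpartition(b"@")[2] if b"@" in login else realm
    return BACKENDS.get(domain.decode("ascii", "replace").lower())
```

A proxy built on this would relay the unmodified frame to the returned socket and pass the backend's reply back to Postfix, without logging the decoded password field.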


