a proxy for multiple sasl instances

Dieter Klünter dieter at dkluenter.de
Mon Mar 27 14:13:19 EDT 2017


On Sat, 25 Mar 2017 16:36:19 +0100,
Thomas Harding <tom at thomas-harding.name> wrote:

> Why not use an OpenLDAP instance as a proxy?
> 
> On 25 March 2017 09:42:37 GMT+01:00, Chentao Credungtao via Cyrus-sasl
> <cyrus-sasl at lists.andrew.cmu.edu> wrote:
> >Hi,
> >
> >I need to set up Postfix authentication against multiple (3)
> >OpenLDAP servers.
> >
> >I managed to run 3 instances of SASL, each one authenticating
> >against one of the 3 servers :
> >
> >First instance, authenticating against the first LDAP server
> >(example.com) :
> ># testsaslauthd -f /var/run/saslauthd-com/mux -u john.doe at example.com -p password1
> >0: OK "Success."
> >
> >Second instance, authenticating against the second LDAP server 
> >(example.net) :
> ># testsaslauthd -f /var/run/saslauthd-net/mux -u jane.doe at example.net -p password2
> >0: OK "Success."
> >
> >Third instance, authenticating against the third LDAP server
> >(example.org) :
> ># testsaslauthd -f /var/run/saslauthd-org/mux -u jimmy.doe at example.org -p password3
> >0: OK "Success."
> >
> >The problem: it seems Postfix can only authenticate against one
> >running instance of SASL.
> >
> >
> >Is it possible to set up some kind of a SASL proxy that forwards
> >each authentication request to another SASL instance, depending on
> >the e-mail domain?
> >Something like:
> >
> ># testsaslauthd -f /var/run/saslauthd-proxy/mux -u john.doe at example.com -p password1
> >==> should be forwarded to /var/run/saslauthd-com
> >
> ># testsaslauthd -f /var/run/saslauthd-proxy/mux -u jane.doe at example.net -p password2
> >==> should be forwarded to /var/run/saslauthd-net
> >
> ># testsaslauthd -f /var/run/saslauthd-proxy/mux -u jimmy.doe at example.org -p password2
> >==> should be forwarded to /var/run/saslauthd-org
> >
> >Thanks (any other idea to approach this problem is welcome)

Make use of auxprop ldapdb instead of saslauthd.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
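
The per-domain forwarding asked for in the quoted question, sketched as an added example (not code from this thread or from Cyrus SASL, and not the ldapdb approach the reply recommends). The socket paths come from the question; the function names, the `smtp` default service and the sample logins are assumptions, and the wire format used is saslauthd's mux protocol of four length-prefixed fields.

```python
import socket
import struct

# Backend mux sockets named in the question; the domain mapping is an assumption.
BACKENDS = {
    "example.com": "/var/run/saslauthd-com/mux",
    "example.net": "/var/run/saslauthd-net/mux",
    "example.org": "/var/run/saslauthd-org/mux",
}

def encode_request(login, password, service="smtp", realm=""):
    """Build a mux request: four fields, each a 2-byte big-endian length + bytes."""
    out = b""
    for field in (login, password, service, realm):
        data = field.encode("utf-8")
        out += struct.pack("!H", len(data)) + data
    return out

def decode_request(buf):
    """Parse a mux request into (login, password, service, realm); reject malformed input."""
    fields, pos = [], 0
    for _ in range(4):
        if pos + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if pos + n > len(buf):
            raise ValueError("truncated field")
        fields.append(buf[pos:pos + n].decode("utf-8"))
        pos += n
    if pos != len(buf):
        raise ValueError("trailing bytes after realm")
    return tuple(fields)

def select_backend(buf):
    """Pick the backend by the login's domain, else by the realm field; None if unknown."""
    login, _password, _service, realm = decode_request(buf)
    domain = login.rpartition("@")[2] if "@" in login else realm
    return BACKENDS.get(domain.strip().lower())

def forward(buf):
    """Relay one request to its backend and return the backend's raw reply."""
    path = select_backend(buf)
    if path is None:
        return struct.pack("!H", 2) + b"NO"  # unknown domain: fail closed
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(buf)
        return s.recv(1024)  # reply is a short length-prefixed OK/NO string
```

A listener on the proxy's own mux socket would call `forward()` once per accepted connection; that socket needs the same restrictive permissions as the backend sockets, since every request carries a cleartext password.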
