On 12/1/20 1:31 AM, Martijn van Duren wrote:
> Hello,
>
> There is table_ldap in the opensmtpd-extras package, but I've never used
> it, it's undocumented and I've heard that the author sees it as a proof
> of concept only at this point. So no idea how far this will take you,
> but it's your best shot. :-)
>
> A quick look through the source shows me the following snippet of the
> config parser:
>
> else if (!strcmp(key, "username"))
> read_value(&username, key, value);
> else if (!strcmp(key, "password"))
> read_value(&password, key, value);
> else if (!strcmp(key, "basedn"))
> read_value(&basedn, key, value);
> else if (!strcmp(key, "alias_filter"))
> read_value(&queries[LDAP_ALIAS].filter, key, value);
> else if (!strcmp(key, "alias_attributes")) {
> ldap_parse_attributes(&queries[LDAP_ALIAS],
> key, value, 1);
> } else if (!strcmp(key, "credentials_filter"))
> read_value(&queries[LDAP_CREDENTIALS].filter, key, value);
> else if (!strcmp(key, "credentials_attributes")) {
> ldap_parse_attributes(&queries[LDAP_CREDENTIALS],
> key, value, 2);
> } else if (!strcmp(key, "domain_filter"))
> read_value(&queries[LDAP_DOMAIN].filter, key, value);
> else if (!strcmp(key, "domain_attributes")) {
> ldap_parse_attributes(&queries[LDAP_DOMAIN],
> key, value, 1);
> } else if (!strcmp(key, "userinfo_filter"))
> read_value(&queries[LDAP_USERINFO].filter, key, value);
> else if (!strcmp(key, "userinfo_attributes")) {
> ldap_parse_attributes(&queries[LDAP_USERINFO],
> key, value, 3);
> } else if (!strcmp(key, "mailaddr_filter"))
> read_value(&queries[LDAP_MAILADDR].filter, key, value);
> else if (!strcmp(key, "mailaddr_attributes")) {
>
> Hope this works for you.
>
> martijn@
>
> On Tue, 2020-12-01 at 09:02 +0300, Родин Максим wrote:
>> Hello
>> Is there a way to make opensmtpd work
>> with ldap aliases over a secure connection?
>>
>> I do not know where to find working examples of this
>> My current /etc/mail/ldap.conf look like this:
>> 1 url>---->------->-------ldap://ldap1.mydomain.ru
>> 2 basedn>->------->-------dc=mydomain,dc=ru
>> 3 username>------->-------cn=service,dc=mydomain,dc=ru
>> 4 password>------->-------passpasspass
>> 5
>> 6 domain_filter>-->-------(&(objectClass=domain)(dc=%s))
>> 7 domain_attributes>------dc
>> 8
>> 9 credentials_filter>-----(&(objectClass=posixAccount)(uid=%s))
>> 10 credentials_attributes>-uid,userPassword
>> 11
>> 12 userinfo_filter>>-------(&(objectClass=posixAccount)(uid=%s))
>> 13 userinfo_attributes>----uid,uidNumber,gidNumber,homeDirectory
>> 14
>> 15 alias_filter>--->-------(&(objectClass=nisMailAlias)(cn=%s))
>> 16 alias_attributes>-------rfc822MailMember
>>
>> ldapd daemon is set up on another host to work over tls and ssl and
>> working correctly.
>>
>> If I change url to ldaps://ldap1.mydomain.ru
>> or to ldap+tls://ldap1.mydomain.ru
>> then smtpd -dv shows:
>> """
>> _____________________________________________
>> vdomains[50952]: warn: ldap_parse_url fail
>> vdomains[50952]: warn: ldap_connect error
>> vdomains[50952]: fatal: failed to connect
>> """
>> _____________________________________________
>>
>
Is the table-procexec a viable alternative?
You can create shell wrappers to call ldap functions
and then call the shell wrappers from procexec with
the correct parameters.
This seems very possible, assuming table-procexec is usable.
Last time I checked, procexec didn't have a lot of documentation.
Best,
Aisha
No comments:
Post a Comment