This is on a BSD server, so PAM isn't an easy route to go.
Then why are you posting to a SuSE list? :) Just kidding. Without PAM your LDAP experience is going to be a lot more painful. PAM is a genius concept by those guys from Sun. Without PAM, every application you want to use LDAP with has to explicitly have LDAP support, and not only for lookups, but for authentication as well. Fortunately, Postfix does support SASL authentication through LDAP (fancy SMTP authentication), but an article about it escapes me. It's most likely in the postfix docs.
______________________________
Justin Grote
Network Architect, CCNA
JWG Networks
Email: nospam-justin@grote.name (remove nospam-)
SMS: nospam-rastan@vtext.com (remove nospam-)
Phone: (208) 631-5440

------------------------------
Original Message Follows
------------------------------
MG> On Thu, Aug 12, 2004 at 11:17:08AM -0600, Justin Grote wrote:
Yes, LDAP implementation is very piecemeal and specific, but that is because many different systems have different information to store. I've done several LDAP implementations.
What Directory Service are you using? OpenLDAP, or something like Novell eDirectory or Active Directory?
MG> We're using OpenLDAP.
This address is a good starting point for all things LDAP: http://www.kingsmountain.com/ldapRoadmap.shtml
For PostFix, you can do it using PAM: http://sapiens.wustl.edu/~sysmain/info/postfix/postfix_configure.html
MG> This is on a BSD server, so PAM isn't an easy route to go. I've found an
MG> article from Linux Journal that outlines it, but it's PostFix 1.1.x. I have
MG> 2.x to work with, but hopefully they will be quite similar.
In terms of SAMBA, if you are using Active Directory as your LDAP server, you can use winbind to authenticate using Kerberos. Otherwise, users and computers have to use a separate ldap class. Microsoft doesn't follow LDAP RFC standards in this regard, unfortunately (embrace and extend, baby). There are samba tools out there already that will do the password synching for you (look for smbldap-tools).
MG> Hmm, that's interesting, I'll have to look into those tools. They might make
MG> things much easier.
MG> Thanks for the response!
MG> --
MG> -M
MG> There are 10 kinds of people in this world:
MG> Those who can count in binary and those who cannot.