Re: [exim] Exim4 ldap lookups and SASL-GSSAPI authentication

Author: Todd Lyons
Date:  
To: exim-users
Subject: Re: [exim] Exim4 ldap lookups and SASL-GSSAPI authentication
On Tue, Sep 18, 2012 at 5:40 PM, Phil Pennock <exim-users@???> wrote:
>> > Of course, exim4 test works if I delete the ACL. Therefore,
>> > and given the successful ldapsearch test, I think that exim4
>> > is not using SASL-GSSAPI. It should because it is linked against
>> The existence of the linking against the libldap library is to allow
>> Exim to do LDAP lookups but there is no call to the GSSAPI
> In addition to that, if you want something that works _now_, then you
> should be able to set up an LDAP mirror on the mail server itself, with
> syncrepl with "partial" replication, only able to see the necessary
> attributes.
>
> Then you can use ldapi:// to connect to that local LDAP server over a
> Unix domain socket, and use peer credentials for authentication. Last I
> checked, that was sasl-regexp rules, but I think it's changed.


Along those same lines, according to the openldap docs, the openldap
server can be used as a proxy. So you set it up on localhost (or in a
VM on your smtp vlan, etc) and openldap does the GSSAPI to your
corporate server, while you do simple binds to your local server.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine