Quanah Gibson-Mount wrote:
Sure. Which configuration do you want me to try it with? ;) Here is -d
-1 with this config:
idassert-bind bindmethod=sasl
saslmech=gssapi
realm=stanford.edu
authcID=service/mailrouter@stanford.edu
authzID=dn:cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu
First of all, what's missing here is the "mode" parameter; what do you
want the proxy to do? bind as "service/mailrouter@stanford.edu", SASL
authorize as
"dn:cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu" and
then? proxy authorize as the incoming request? just keep the
"cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu" identity?