Ulrich Windl wrote:
Michael Ströder<michael@stroeder.com> wrote:
Hmm, if you don't want all your PAM system users to be valid e-mail
users then simply don't use PAM. Sometimes one should rethink the
software stack if requirements get more clear. smtpd sounds like postfix
which has very flexible LDAP support.
Depending on the PAM/NSS system you're using there could be group authz
mechs there too. But you did not provide enough information to really
think about this. Personally I prefer to directly use the LDAP features
of the software used.
The advantage of the PAM configuration seems to be that you only have to
describe your LDAP structure once, and not for every application.
But if requirements (e.g. set of user accounts) differ you have to define different LDAP client or other configuration anyway. There is no issue if they are the same.
I thought there might by a method to restict the accepted users from the
sasl configuration file, but it seems there is none.
Which would somewhat contradict your wish to use the very same configuration anyway.
Ciao, Michael.
Attachment:
LDAP.jpg
Description: JPEG image