Re: Relaying SASL authentication

* Angel L. Mateo <amateo@um.es>:
> The problem we have is that now we have a subdomain we are the primary
> MX and their users need to send messages from outside our network. We
> have configured SASL authentication in this server against an LDAP
> directory to authenticate users of one domain. But the users of the
> other domain are not in the LDAP directory, they are define locally in
> ther subdomain mail server.
>
> The question is if there is any way to configure SASL to authenticate
> against the LDAP directory for the users of the first domain and to
> proxy (or something similar) the SASL authentication to the users of the
> other domain.

If your subdomain users authenticate with your domain MTA then the
authentication usually takes place at the domain MTA. You can connect Cyrus
SASL to a remote authentication backend, if there's way to connect to it. That
is the authentication backend can be reached over a network protocol. If your
subdomains authentication backend is capable of this you should be able to
get this working. Where are data for your subdomains users stored? LDAP? SQL?

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>