Validate LDAPS queries in Postfix with IPA CA #454

Open
jb3 opened this issue Aug 3, 2024 · 0 comments
Labels
- component: email (Issues relating to our email forwarding system, hosted on our netcup machines.)
- group: ansible (Issues and pull requests related to the Ansible setup)
- webscale

jb3 commented Aug 3, 2024

Now that lovelace is enrolled, we can use the automatically collected /etc/ipa/ca.crt file to validate the LDAPS connection.

This is dead simple to set up; all it needs is for the LDAP tables used by Postfix to have the following lines added:

```
tls_ca_cert_file = /etc/ipa/ca.crt
tls_require_cert = yes
```

(Source: https://www.postfix.org/ldap_table.5.html)

Once implemented, it should be validated that the lookups still work with a query like:

```
joe@lovelace:~$ sudo postmap -q [email protected] ldap:/etc/postfix/ldap-registeredaddress.cf
[email protected]
```
jb3 added the webscale, group: ansible and component: email labels on Aug 3, 2024
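An added example, not part of the original issue or the project's Ansible code: a POSIX shell audit that a Postfix LDAP table sets the two parameters from the issue and only talks to the directory over an encrypted transport. The `ldap.example.test` host and the sample files are constructed; `server_host` and `start_tls` are ldap_table(5) parameters the issue does not mention, and the parser assumes one `name = value` per line.

```shell
#!/bin/sh
# Print the value of parameter $2 in table file $1 (last assignment; commented lines are ignored).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 only if table $1 validates the server certificate against CA file $2.
check_ldap_table() {
    file=$1 want_ca=$2 rc=0
    ca=$(cf_get "$file" tls_ca_cert_file)
    req=$(cf_get "$file" tls_require_cert)
    host=$(cf_get "$file" server_host)
    starttls=$(cf_get "$file" start_tls)
    if [ "$ca" != "$want_ca" ]; then
        echo "$file: tls_ca_cert_file is '${ca:-unset}', expected '$want_ca'"; rc=1
    fi
    if [ "$req" != "yes" ]; then
        echo "$file: tls_require_cert is '${req:-unset}', expected 'yes'"; rc=1
    fi
    # Without STARTTLS every listed host must be ldaps://; an unset server_host means localhost.
    if [ "$starttls" != "yes" ]; then
        for h in ${host:-localhost}; do
            case "$h" in
                ldaps://*) ;;
                *) echo "$file: server_host '$h' is not ldaps:// and start_tls is not enabled"; rc=1 ;;
            esac
        done
    fi
    return $rc
}

# Constructed sample tables (not the project's real files): one hardened, one missing validation.
write_samples() {
    printf '%s\n' 'server_host = ldaps://ldap.example.test' \
        'tls_ca_cert_file = /etc/ipa/ca.crt' 'tls_require_cert = yes' > "$1/good.cf"
    printf '%s\n' 'server_host = ldaps://ldap.example.test' \
        '# tls_require_cert = yes' > "$1/bad.cf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.cf; do
    if check_ldap_table "$f" /etc/ipa/ca.crt; then echo "$f: OK"; fi
done
rm -rf "$demo_dir"
```

On a real host, point `check_ldap_table` at each `ldap:` table referenced from the Postfix configuration before running the `postmap -q` lookup, so a table that was missed by the change fails the audit rather than silently connecting unvalidated.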
Projects
Status: Up next