Miscellaneous issues with IP

drax_ironport
Level 1

Folks,

1) smtpauth with LDAP should be binding rather than retrieving the password. Since userPassword is a multi-valued attribute (SunDS), when grabbing the password to check, the DS returns the newest one first and auth fails. We have multiple passwords so that if we need to see what a user is seeing we can log in as them.

2) LDAP as a configuration repository. Since LDAP is HA on our campus, this would mean that adding/configuring a new box would be quite easy.

3) The ability for each IP address/interface to have its own separate SSL cert rather than one for the whole box.

These are three things I would like to see. Number 2 is the lowest priority with number 3 first and number 1 second.

keith
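
Point 1 of the post above, as an added example (not code from the thread or from the appliance): a simulation of why reading userPassword and checking the first value returned fails on a multi-valued attribute, while a bind-style check succeeds. The entry, DN, passwords and the `{SSHA}` storage format are constructed assumptions, and `simulated_bind` stands in for a real simple bind, assuming the server accepts any stored value.

```python
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """Encode a password as an {SSHA} userPassword value (salted SHA-1)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def matches(stored, candidate):
    """Check one candidate password against one stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

# Constructed entry: newest value first, the order the post says the DS returns.
ENTRY = {
    "dn": "uid=jdoe,ou=people,dc=example,dc=edu",
    "userPassword": [ssha("helpdesk-shadow-pw"), ssha("jdoe-own-pw")],
}

def fetch_and_compare(entry, candidate):
    """Client reads userPassword and checks only the first value returned."""
    values = entry.get("userPassword", [])
    return bool(values) and matches(values[0], candidate)

def simulated_bind(entry, candidate):
    """Stand-in for a simple bind: the server tests every stored value."""
    # A real simple bind with an empty password is an unauthenticated bind
    # that many servers accept, so the client must reject it up front.
    if not candidate:
        return False
    return any(matches(v, candidate) for v in entry.get("userPassword", []))

if __name__ == "__main__":
    for pw in ("jdoe-own-pw", "helpdesk-shadow-pw", "wrong"):
        print(pw, fetch_and_compare(ENTRY, pw), simulated_bind(ENTRY, pw))
```

Binding also means the client never needs read access to userPassword at all, so the service account can be restricted to searching for the user's DN.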

2 Replies

shannon.hagan
Level 1

1) The company I work for has an RFE request in for #1 - maybe you could get added to the RFE request.

2) Won't really be an issue once centralized management is done. When the server joins the cluster, it will get the config from the master.

3) Would be nice - we have our certs on an ssl accelerator so it doesn't really affect my company.

mdavis_ironport
Level 1

#1 is on the top of my list and they say it should be out soon in 2 releases from now. They already allow you to bind if you want to bind w/ super credentials but user authentication doesn't bind. I never have seen anyone ask for the password to be returned. I guess AD users are really mad since AD doesn't allow you to return the password attribute.
I was actually thinking of not putting our PO through until they fixed this.

#3 I put a VeriSign cert on the box but it won't even use it for LDAP. It tries to do a cert auth w/ a self-signed IronPort cert and my LDAP server is like go away!!! I could just add that cert to the CA list. Plus I don't even want to authenticate the IronPort box w/ its cert. Just let me do secure user authentications through LDAP like the rest of the world does.