On Thu, 24 Jan 2008 13:39:08 Jared B. Griffith wrote: > I am trying to see if I can't get an existing Cyrus Imap server to > authenticate against our directory server. The people at cyrus recommend > the followng configuration in saslauthd.conf ldap_servers: > ldap://your.ldap-host.tld > ldap_version: 3 > ldap_timeout: 10 > ldap_time_limit: 10 > ldap_search_base: o=what-ever-you-may-have,dc=your-domain,dc=tld > ldap_bind_dn: cn=your-ldap-admin-name,dc=your-domain,dc=tld > ldap_password: your-ldap-admin-password > ldap_scope: sub > ldap_uidattr: the-attribute-name-in-which-you-store-usernames, es: uid > ldap_filter_mode: yes > ldap_filter: (uid=%u%R) > This doesn't work, I have tried different variations of this and have had > no luck. I am wondering if anyone has had experience with this and what > sort of tricks (if any) they did to get this to work properly. Are there > any docs out there that I am missing? > Any help would be appreciated. The easiest way if you are using Cyrus IMAP on Fedora or Redhat is to use PAM to authenticate. The following assumes you have first enabled directory authentication on the mail server using 'authconfig' to set up LDAP in '/etc/pam.d/system-auth' as required. 1. Edit '/etc/sysconfig/saslauthd' and ensure that 'MECH="pam" is set. 2. Edit '/etc/imapd.conf' and make sure that 'sasl_pwcheck_method' is set to 'saslauthd' even though you will be using PAM. 3. Edit '/etc/pam.d/imap' to read as follows: auth sufficient /lib/security/$ISA/pam_ldap.so account sufficient /lib/security/$ISA/pam_ldap.so 4. Start saslauthd and cyrus-imapd and set chkconfig to on. 5. Create some mailboxes and away you go! A more complete blurb can be found at 'www.wlug.org.nz/CyrusNotes' Tony -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
