Well..... this sort of works, and yes, the system authentication is already going through ldap. The system is a free-bsd 6.0 system, and I am able to authenticate using what you described but I am not able to create mailboxes, which is something for the cyrus imap list. I was just seeing if anyone had any luck doing this or if there were specific options that had to be enabled or modified for this to work with the FDS. ----- Original Message ----- From: "Anthony M. Farrell" <tfar at smc.co.nz> To: "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com> Sent: Wednesday, January 23, 2008 5:57:58 PM (GMT-0800) America/Los_Angeles Subject: Re: Saslauthd Authentication Issues On Thu, 24 Jan 2008 13:39:08 Jared B. Griffith wrote: > I am trying to see if I can't get an existing Cyrus Imap server to > authenticate against our directory server. The people at cyrus recommend > the followng configuration in saslauthd.conf ldap_servers: > ldap://your.ldap-host.tld > ldap_version: 3 > ldap_timeout: 10 > ldap_time_limit: 10 > ldap_search_base: o=what-ever-you-may-have,dc=your-domain,dc=tld > ldap_bind_dn: cn=your-ldap-admin-name,dc=your-domain,dc=tld > ldap_password: your-ldap-admin-password > ldap_scope: sub > ldap_uidattr: the-attribute-name-in-which-you-store-usernames, es: uid > ldap_filter_mode: yes > ldap_filter: (uid=%u%R) > This doesn't work, I have tried different variations of this and have had > no luck. I am wondering if anyone has had experience with this and what > sort of tricks (if any) they did to get this to work properly. Are there > any docs out there that I am missing? > Any help would be appreciated. The easiest way if you are using Cyrus IMAP on Fedora or Redhat is to use PAM to authenticate. The following assumes you have first enabled directory authentication on the mail server using 'authconfig' to set up LDAP in '/etc/pam.d/system-auth' as required. 1. Edit '/etc/sysconfig/saslauthd' and ensure that 'MECH="pam" is set. 2. Edit '/etc/imapd.conf' and make sure that 'sasl_pwcheck_method' is set to 'saslauthd' even though you will be using PAM. 3. Edit '/etc/pam.d/imap' to read as follows: auth sufficient /lib/security/$ISA/pam_ldap.so account sufficient /lib/security/$ISA/pam_ldap.so 4. Start saslauthd and cyrus-imapd and set chkconfig to on. 5. Create some mailboxes and away you go! A more complete blurb can be found at 'www.wlug.org.nz/CyrusNotes' Tony -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080123/15c6e61e/attachment.html
