Shelley Waltz wrote:
I have a similar configuration running with much older versions of
openldap/sasl.
The objective is to have my imapd/smtp server authenticate users
using uid/userPassword from my LDAP database in PLAINTEXT with TLS.
The uid in my LDAP database is simply the username without any domain
attached. The userPassword is in {CRYPT} in the LDAP database.
Another approach to this is to configure saslauthd to use PAM
rather than ldap, then configure the pam_ldap module to bind to
ldap instead. PAM shouldn't care that the passwords are crypted.
I'm using this approach with crypted userPassword fields,
although it's also on a rather old version of SASL/OpenLDAP.
It *should* work on newer versions.
- Dan
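
A sketch of the saslauthd-via-PAM setup described in the reply above, added here as an illustration and not taken from either poster's system. It assumes the PADL pam_ldap module, PAM service names of `imap` and `smtp`, and placeholder values for the host, base DN, CA path and file locations, all of which vary by distribution and mail server.

```conf
# --- saslauthd: select the PAM backend instead of the ldap backend ---
# Start the daemon with "-a pam", for example:
#   saslauthd -a pam
# (distributions usually set this in their saslauthd defaults file)

# --- /etc/pam.d/imap  (assumed service name; repeat for "smtp") ---
# saslauthd passes the service name given by the mail server, and PAM
# loads the file of the same name. Only auth and account are needed.
auth     required   pam_ldap.so
account  required   pam_ldap.so

# --- pam_ldap configuration (often /etc/ldap.conf or /etc/pam_ldap.conf) ---
# Placeholder server and base DN.
uri   ldap://ldap.example.com/
base  dc=example,dc=com

# Users log in with the bare uid, with no domain part attached.
pam_login_attribute uid

# Protect the bind, which carries the user's cleartext password,
# with StartTLS and verify the directory server's certificate.
ssl             start_tls
tls_checkpeer   yes
tls_cacertfile  /etc/ssl/certs/ldap-ca.pem

# No password hash setting is needed for authentication: pam_ldap looks
# up the user's DN and binds as that DN with the supplied password, so
# the LDAP server itself compares it against the {CRYPT} userPassword.
```

Once saslauthd is running, `testsaslauthd -u <uid> -p <password> -s imap` exercises the same PAM service without involving the mail server.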