Just FYI:
in the special case you have an extra cleartext mail password (I had to use
it for Postfix SMTP AUTH) attribute defined in your LDAP schema, you may
use an ldap auxprop to get rid of saslauthd(8) and to offer full CRAM-MD5,
DIGEST-MD5 and NTLM authentication.
After many have beaten me, I ended up writing a cyrus sasl auxprop for this
case. Unlike ldapdb you may freely define your ldap atribute storing the
password usable for authentification.
http://southbrain.com/south/2008/06/writing-a-cyrus-sasl-ldap-auxp.html
It is offered without any warranty of any kind. I took some special time to
insert memsets to clear out password memory immediately after use so they
don't stay in process memory forever.
Comments are always welcome!
Pascal