Hi Pascal,
I tried it out and it works as advertised for me.
Some suggestions: In the case sasl requests an attribute from
your auxprop store that doesn't match the configured userPassword
attribute, go ahead and pass it up. I'm getting this error while
attempting an OTP authentication (IMAP):
giengerldap skip property: *cmusaslsecretOTP
Also, consider writing an auxprop_store function, which can be
important when using auto_transition, or when setting the
password via your plugin.
- Dan
Pascal Gienger wrote:
Just FYI:
in the special case you have an extra cleartext mail password (I had to
use it for Postfix SMTP AUTH) attribute defined in your LDAP schema, you
may use an ldap auxprop to get rid of saslauthd(8) and to offer full
CRAM-MD5, DIGEST-MD5 and NTLM authentication.
After many have beaten me, I ended up writing a cyrus sasl auxprop for
this case. Unlike ldapdb you may freely define your ldap atribute
storing the password usable for authentification.
http://southbrain.com/south/2008/06/writing-a-cyrus-sasl-ldap-auxp.html
It is offered without any warranty of any kind. I took some special time
to insert memsets to clear out password memory immediately after use so
they don't stay in process memory forever.
Comments are always welcome!
Pascal
