On 23/10/09 12:20 -0200, Sandro Venezuela wrote:
I'm using LDAP to authenticate users on the Cyrus Imap Server, with Thunderbird and eGroupware, and also in the workstations. On the E-mail server, I'm using saslauthd with LDAP and when password expires, you can still access the mailbox through Thunderbird. My goal is just to solve this problem, because both eGroupware and PAM already do this for me.
I'm guessing 'ldap_auth_method: fastbind' with 'ldap_use_sasl: no' will honor slapo-ppolicy. Your 'ldap_filter' option will need to resolve to the user's DN. See 'saslauthd/LDAP_SASLAUTHD' in the sasl source for documentation. slapo-ppolicy uses its own expiration configuration, so you would need to maintain your pam configuration (for non imap logins) and slapo-ppolicy in parallel. Alternatively, you could go down the pam_ldap rabbit hole and configure saslauthd to use pam. -- Dan White
