On 04/11/09 15:38 +1100, John Newbigin wrote:
Hi. I have a working ldap/sasl/saslauthd/ldap set up with openldap using
passthrough authentication as per
http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication
The problem is that I would like to use the realm to specify which
server to authenticate against.
The ldap settings in /etc/saslauthd.conf are quite different for each
server (i.e. it is more than the filter which needs to be changed).
Is there a way in which a per-realm configuration can be used? Either
directly with sasl or with saslauthd?
I'm not aware of a way to apply specific SASL configuration depending on
the realm like that.
Depending on your server app and setup, you might be able to configure
multiple saslauthd instances, each with their own ldap configuration. That
would require your end users to authenticate to different IPs or ports
though.
For instance, in /etc/cyrus.conf (for Cyrus IMAP), you could do this in
your SERVICES section:
imap cmd="imapd -U 30 -D" listen="4.1.2.3:imap" prefork=0 maxchild=200
imapb cmd="imapd -U 30 -D" listen="4.1.2.4:imap" prefork=0 maxchild=200
imapc cmd="imapd -U 30 -D" listen="4.1.2.5:imap" prefork=0 maxchild=200
In /etc/imapd.conf:
sasl_pwcheck_method: saslauthd
imap_sasl_saslauthd_path: /var/run/saslauthd/mux
imapb_sasl_saslauthd_path: /var/run/saslauthd/muxb
imapc_sasl_saslauthd_path: /var/run/saslauthd/muxc
And then start up several instances of saslauthd:
saslauthd -m /var/run/saslauthd/mux -a ldap -O /etc/saslauthd.conf
saslauthd -m /var/run/saslauthd/muxb -a ldap -O /etc/saslauthdb.conf
saslauthd -m /var/run/saslauthd/muxc -a ldap -O /etc/saslauthdc.conf
The same approach should work when using the ldap auxprop plugin as well
(e.g. imapb_sasl_ldapdb_uri).
--
Dan White
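The layout Dan describes relies on Cyrus IMAP's service-prefixed options (imapb_sasl_saslauthd_path overrides sasl_saslauthd_path for the "imapb" service only), so a service that is listed in cyrus.conf but forgotten in imapd.conf silently falls back to the global or default socket and authenticates against the wrong LDAP server. The script below is an added example, not code from the thread or from Cyrus: it parses a SERVICES block and an imapd.conf, resolves the saslauthd socket each service will actually use, and flags services that end up sharing one. The sample config text is constructed from the excerpts in Dan's reply (with the imapc override deliberately omitted); the fallback default socket path is an assumption.

```python
"""
Added example (not from the original thread): a consistency check for the
per-service saslauthd layout.  Resolves which saslauthd socket each Cyrus
IMAP service hands to libsasl, using the rule that the service-prefixed
option (e.g. imapb_sasl_saslauthd_path) wins over the global
sasl_saslauthd_path, which in turn wins over the compile-time default.
"""
import re

# Constructed sample input, copied from the thread's /etc/cyrus.conf excerpt.
CYRUS_CONF = """\
SERVICES {
  imap  cmd="imapd -U 30 -D" listen="4.1.2.3:imap" prefork=0 maxchild=200
  imapb cmd="imapd -U 30 -D" listen="4.1.2.4:imap" prefork=0 maxchild=200
  imapc cmd="imapd -U 30 -D" listen="4.1.2.5:imap" prefork=0 maxchild=200
}
"""

# Constructed sample input, copied from the thread's /etc/imapd.conf excerpt,
# with the imapc override deliberately left out so the check has something
# to report.
IMAPD_CONF = """\
sasl_pwcheck_method: saslauthd
imap_sasl_saslauthd_path: /var/run/saslauthd/mux
imapb_sasl_saslauthd_path: /var/run/saslauthd/muxb
"""

# Assumed default socket used when neither a global nor a per-service
# option is set (the real value is a build-time choice of Cyrus SASL).
DEFAULT_MUX = "/var/run/saslauthd/mux"

SERVICE_RE = re.compile(r'^\s*(\w+)\s+cmd="[^"]*"\s+listen="([^"]+)"')


def parse_services(text):
    """Return {service_name: listen_address} for entries in the SERVICES block."""
    services = {}
    in_block = False
    for line in text.splitlines():
        if line.strip().startswith("SERVICES"):
            in_block = True
            continue
        if in_block and line.strip().startswith("}"):
            break
        m = SERVICE_RE.match(line)
        if in_block and m:
            services[m.group(1)] = m.group(2)
    return services


def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts


def resolve_mux(service, opts):
    """Socket this service's imapd will use: per-service override first,
    then the global option, then the assumed default."""
    return (opts.get(f"{service}_sasl_saslauthd_path")
            or opts.get("sasl_saslauthd_path")
            or DEFAULT_MUX)


def check_layout(cyrus_text, imapd_text):
    """Map each service to its socket and report sockets shared by
    several services, which means those services hit the same backend."""
    opts = parse_imapd_conf(imapd_text)
    mapping = {svc: resolve_mux(svc, opts) for svc in parse_services(cyrus_text)}
    by_mux = {}
    for svc, mux in mapping.items():
        by_mux.setdefault(mux, []).append(svc)
    shared = {mux: svcs for mux, svcs in by_mux.items() if len(svcs) > 1}
    return mapping, shared


if __name__ == "__main__":
    mapping, shared = check_layout(CYRUS_CONF, IMAPD_CONF)
    for svc, mux in mapping.items():
        print(f"{svc:6} -> {mux}")
    for mux, svcs in shared.items():
        print(f"WARNING: {', '.join(svcs)} all authenticate via {mux}")
```

Run against the constructed input it reports that imap and imapc both end up on /var/run/saslauthd/mux, which is exactly the misconfiguration that would let users of the third listener authenticate against the first server's LDAP directory. Point it at the real /etc/cyrus.conf and /etc/imapd.conf after any change to the service list.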