On 25/01/10 18:55 +0100, Eric Belhomme wrote:
> * What I want to do?
> - enable SASL auth for postfix
> - migrate from dovecot to cyrus Imapd+Murder
> - enable SASL auth for cyrus imapd and murder, using my LDAP directory
>
> * What I did:
> installing saslauthd with this config:
>
> ldap_servers: ldap://127.0.0.1/
> ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
> ldap_bind_pw: ***passwd***
> ldap_filter: (&(uid=%u)(objectClass=evePerson))
> ldap_search_base: ou=People,dc=eve-team,dc=com
> ldap_scope: one
>
> Then I started saslauthd daemon like this:
> /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d

Try using the testsaslauthd to verify your saslauthd config.

> Finally, I tried to test the auth with test tools:
> On a shell:
> cyrus:~# sasl-sample-server -s host -p /usr/lib/sasl2
> Generating client mechanism list...
> Sending list of 6 mechanism(s)
> S: TE9HSU4gRElHRVNULU1ENSBQTEFJTiBDUkFNLU1ENSBOVExNIEFOT05ZTU9VUw==
> Waiting for client mechanism...

saslauthd will not be used by default, without customizing your sasl
configuration.

You will need to configure the 'pwcheck_method' to include the saslauthd
option:

    echo "pwcheck_method: saslauthd" > /usr/lib/sasl2/sample.conf

(which sasl-sample-server should reference)

You will also need to set the same setting for your postfix sasl config:
/etc/postfix/sasl/smtpd.conf, and within your imapd.conf
(sasl_pwcheck_method).

By default, the sasl library will query your auxprop plugins for plain text
authentication, rather than saslauthd.

The sasl library options are documented in 'doc/options.html' within
the sasl source.

--
Dan White
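
A check for the settings named in the reply above, as an added example that is not part of the original message: it reports, for each SASL option file, whether the password-check option lists saslauthd or leaves the library on its auxprop default. The function names `uses_saslauthd` and `report` are hypothetical and the sample files are constructed; the option is treated as a whitespace-separated list.

```shell
#!/bin/sh
# Added example: audit SASL option files for the pwcheck method.

# uses_saslauthd FILE KEY
# 0 = KEY lists saslauthd, 1 = KEY unset or lists other methods only,
# 2 = FILE not readable.
uses_saslauthd() {
    file=$1 key=$2
    [ -r "$file" ] || return 2
    # Values of every uncommented "KEY: value" line (anchored, so
    # "sasl_pwcheck_method" is not mistaken for "pwcheck_method").
    values=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$file")
    [ -n "$values" ] || return 1     # unset: library default applies
    for word in $values; do
        [ "$word" = saslauthd ] && return 0
    done
    return 1
}

# report FILE KEY: print one status line, always returns 0.
report() {
    uses_saslauthd "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "OK       $1: $2 includes saslauthd" ;;
        2) echo "MISSING  $1: not readable" ;;
        *) echo "AUXPROP  $1: $2 does not list saslauthd" ;;
    esac
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
printf 'pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n' > "$demo/smtpd.conf"
printf 'configdirectory: /var/lib/cyrus\n#sasl_pwcheck_method: saslauthd\n' > "$demo/imapd.conf"

report "$demo/sample.conf" pwcheck_method        # absent file
report "$demo/smtpd.conf"  pwcheck_method        # set correctly
report "$demo/imapd.conf"  sasl_pwcheck_method   # only a commented-out line
rm -rf "$demo"

# On a real host, the files named in the message would be checked with:
#   report /usr/lib/sasl2/sample.conf   pwcheck_method
#   report /etc/postfix/sasl/smtpd.conf pwcheck_method
#   report <path to imapd.conf>         sasl_pwcheck_method
```
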