see also https://bugs.openldap.org/show_bug.cgi?id=7419 .
You might have success using password_method: saslauthd, starting saslauthd in PAM mode and then configuring pam_ldap as one of the PAM mechanisms. Long time ago this worked for me.
Gretings
Дилян
На 6 ноември 2021 г. 23:38:40 GMT+02:00, PFiver via SASL <sasl@xxxxxxxxxxxxxxxxxx> написа:
... I've arrived here, it seems: https://github.com/cyrusimap/cyrus-sasl/issues/374.... well no ... I have no clue, ... but anyway .... this seems completely borked .... :-) ... you see: imapd lets me in now without any checks .... it _is_ in fact, of course, not talking to the LDAP ! ... whoa.... scary! :-/ ... maybe I should just stick to dovecot :-\\ ... if only it had cal/carddavubuntu@nexus:~$ /usr/lib/cyrus/bin/imtest -m plain -a patricsk -w asdf localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN SASL-IR] nexus Cyrus IMAP 3.0.13-Debian-3.0.13-5 server ready C: A01 AUTHENTICATE PLAIN AHBhdHJpY3NrAGFzZGY= S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no protection) SESSIONID=<cyrus-227142-1636234462-1-13065162235787530761> Authenticated. Security strength factor: 0 ^CC: Q01 LOGOUT Connection closed. ubuntu@nexus:~$ /usr/lib/cyrus/bin/imtest -m plain -a foo -w bar localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 AUTH=PLAIN AUTH=LOGIN SASL-IR] nexus Cyrus IMAP 3.0.13-Debian-3.0.13-5 server ready C: A01 AUTHENTICATE PLAIN AGZvbwBiYXI= S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no protection) SESSIONID=<cyrus-227142-1636234480-1-7399361506862257072> Authenticated.Nov 06 21:34:22 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children Nov 06 21:34:22 nexus cyrus/imaplocal[227142]: login: localhost [127.0.0.1] patricsk PLAIN User logged in SESSIONID=<cyrus-227142-1636234462-1-13065162235787530761> Nov 06 21:34:22 nexus cyrus/imaplocal[227142]: autocreateinbox: User patricsk, INBOX was successfully created Nov 06 21:34:26 nexus cyrus/imaplocal[227142]: USAGE patricsk user: 0.008427 sys: 0.014046 Nov 06 21:34:26 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children Nov 06 21:34:40 nexus imtest[227143]: ldapdb Nov 06 21:34:40 nexus imtest[227143]: _sasl_plugin_load failed on sasl_canonuser_init Nov 06 21:34:40 nexus cyrus/master[227109]: service imaplocal/ipv4 pid 227142: receiving messages from long dead children Nov 06 21:34:40 nexus cyrus/imaplocal[227142]: login: localhost [127.0.0.1] foo PLAIN User logged in SESSIONID=<cyrus-227142-1636234480-1-7399361506862257072> Nov 06 21:34:40 nexus cyrus/imaplocal[227142]: autocreateinbox: User foo, INBOX was successfully created