Hi everyone, Nikola Milutinovic wrote:
Does anyone have a working recipe for getting Cyrus to authenticate via Active Directory? I would greatly appreciate any assistance you can offer.
I have tried my best to integrate Cyrus IMAP into ADS properly, but have almost always fallen short. My colleague and I have managed to get AUTH PLAIN to work, via SASLAuth Daemon, using LDAP.
My further attempt to use GSSAPI/Kerberos5 were met with limited success. Kerberos5 works, I created a service account in ADS (a normal user-like account), created and extracted a Kerberos5 key for IMAP/my.host.name@xxxxxxxx and I was able to use "cyradm" and authenticate via Kerberos against ADS. Unfortunately, the only client I was able to make use this mechanism was Thunderbird 1.5 on SuSE Linux 10.0. All other clients, including Outlook Express, failed to connect from a Windows workstation.
I've setup a working Cyrus/Sendmail/Active directory integration about two years ago which has been working near flawlessly. I did a presentation about it at the Dutch NLUUG conference in may 2005. The paper unfortunatly is in Dutch, but if there's enough interest I could translate it. Hopefully the code-examples provide enough of a lead already.
http://home.sara.nl/~boven/cyrus-sendmail-ads Regards, Paul Boven. ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
