Re: groups, members, LDAP and ptloader

Warren Turkal wrote:
> On Wednesday 30 May 2007 14:30, Milen Dimov wrote:
>> We successfully run cyrus 2.2.12 and 2.3.8 both with LDAP users
>> authentication and authorization utilizing respectively saslauthd and
>> ptloader with LDAP support.
>
> I was under the impression that you could avoid saslauthd for authentication. Is this impression true?

Yes you can, but then you need to store passwords in plain-text, and be prepared for a rough series of trial & error sessions, trying to decipher obsolete and/or incomplete ldap documentation and its esoteric interactions with sasl and cyrus ;-) :

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
sasl_ldapdb_mech: EXTERNAL


(accessing ldap through a unix socket avoids the need to store a password in imapd.conf, that's what the sasl_ldapdb_mech: EXTERNAL does). For this to work I have this in my slapd.conf (uid 106 is cyrus):

sasl-regexp "gidNumber=(.*)\\+uidNumber=106,cn=peercred,cn=external,cn=auth"
     "uid=cyrus,ou=System,dc=ventoso,dc=org"

sasl-regexp "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
     "cn=admin,dc=ventoso,dc=org"

sasl-regexp "uid=(.*),cn=external,cn=auth"
     "ldap:///dc=ventoso,dc=org??sub?(uid=$1)"

sasl-authz-policy to


then I have one record in ldap for cyrus (under a different ou, so that it won't mix with normal users for authentication)

dn: uid=cyrus,ou=System,dc=ventoso,dc=org
uid: cyrus
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
[....]
authzTo: ldap://ou=People,dc=ventoso,dc=org??sub?(objectclass=person)


Don't ask me what all of this means, I don't remember (and I doubt that the folks that designed the system do ;-)
And remember: passwords have to be stored in plain text for this to work.

Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004      Fax +34 93 5883007
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
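
The following is an added example, not part of the original post: a small Python model of how the three sasl-regexp rules quoted above map a SASL identity to a DN or to an LDAP search, with the first matching rule winning. The function names and sample identities are constructed for illustration, and whole-string, case-insensitive matching is an assumption of this model.

```python
import re

# The three sasl-regexp rules from the slapd.conf in the post, in file order.
# slapd.conf's "\\+" reaches the regex engine as "\+" (a literal plus sign).
RULES = [
    (r"gidNumber=(.*)\+uidNumber=106,cn=peercred,cn=external,cn=auth",
     "uid=cyrus,ou=System,dc=ventoso,dc=org"),
    (r"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth",
     "cn=admin,dc=ventoso,dc=org"),
    (r"uid=(.*),cn=external,cn=auth",
     "ldap:///dc=ventoso,dc=org??sub?(uid=$1)"),
]

def map_identity(sasl_dn):
    """Return the replacement of the first matching rule, or None."""
    for pattern, replacement in RULES:
        # Assumption of this model: whole-string, case-insensitive comparison.
        m = re.fullmatch(pattern, sasl_dn, re.IGNORECASE)
        if m:
            # Expand $1..$9 with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None

def describe(result):
    """Classify a mapping result as (kind, dn_or_base, scope, filter)."""
    if result is None:
        return ("unmapped", None, None, None)
    if not result.startswith("ldap:///"):
        return ("dn", result, None, None)
    # LDAP URL layout: base?attributes?scope?filter
    base, _attrs, scope, filt = result[len("ldap:///"):].split("?", 3)
    return ("search", base, scope, filt)

if __name__ == "__main__":
    # Constructed sample identities, not taken from a real server.
    samples = [
        "gidNumber=8+uidNumber=106,cn=peercred,cn=external,cn=auth",        # cyrus over ldapi
        "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth",          # root over ldapi
        "uid=luca,cn=external,cn=auth",                                     # a mail user
        "gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth",    # other local user
    ]
    for s in samples:
        print(s, "->", describe(map_identity(s)))
```

A "search" result is only accepted by slapd as the user's DN when the search returns exactly one entry; an "unmapped" identity keeps its cn=auth form and matches no directory entry.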
