Re: Same mailbox with different logins

On 21/09/09 12:11 +0300, Evgeniy Arbatov wrote:
>Thank you for your replies! I've decided to go with canon_user plugin.
>My next question is how to use this plugin. I am trying to use LDAP
>as authentication backend. What I could find are following imapd.conf
>settings:
>
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: login plain
>sasl_auxprop_plugin: ldapdb
>sasl_ldapdb_uri: ldap://ldap.example.net/
>sasl_ldapdb_canon_attr: mail
>sasl_canon_user_plugin: ldapd
>imap_sasl_canon_user_plugin: ldapdb
>pop3_sasl_canon_user_plugin: ldapdb
>
>Will this give me canonified username -> firstname.lastname@domain? Do
>I need to make changes to LDAP for those settings to work?
>
>After I configure this ldapdb plugin I see in logs:
>
>mail imaps[10161]: canonified earbatov -> earbatov
>mail imaps[10161]: badlogin: host [10.10.10.10] plain [SASL(-4): no
>mechanism available: desired canon_user plugin ldapdb not found]
>mail imaps[10161]: badlogin: host [10.10.10.10] plaintext earbatov
>SASL(-4): no mechanism available: desired canon_user plugin ldapdb not
>found
>
>I put my complete imapd.conf here http://pastebin.com/m2dbf3951

Evgeniy,

ldapdb, as a canon_user plugin, is not currently found in the 2.1.23 cyrus
sasl release. You will need to obtain cyrus sasl source from CVS.

There is an upcoming 2.1.24 sasl release that hopefully includes this
functionality. Documentation is found within 'docs/options.html' in the
sasl source.

You will need to configure your openldap server to support proxy
authorization, as discussed here:

"http://www.openldap.org/doc/admin24/sasl.html#SASL Proxy Authorization"

'sasl_auxprop_plugin: ldapdb' is probably not necessary, since you are
using saslauthd for login/plain (only) authentication.

Assuming you have openldap proxy authorization set up properly for your
environment, the mail attribute (per your config) should return the
username you wish to ultimately use. cyrus imap will pretty much remain
ignorant of which username you originally authenticated as, and use the
identity returned from sasl when searching for mailboxes and applying
ACLs.

-- 
Dan White
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
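
Added example (not part of the original message, and not Cyrus code): a small Python triage of the badlogin lines quoted above. It separates logins rejected because a SASL plugin is missing (SASL(-4), as in this thread) from ordinary wrong-password failures (SASL(-13)), so a server misconfiguration is not mistaken for password guessing. The sample log is constructed from the lines in the post, unwrapped, plus one invented SASL(-13) line; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the log lines from the post (unwrapped), plus one
# invented wrong-password line (SASL -13) added for contrast.
SAMPLE_LOG = """\
mail imaps[10161]: canonified earbatov -> earbatov
mail imaps[10161]: badlogin: host [10.10.10.10] plain [SASL(-4): no mechanism available: desired canon_user plugin ldapdb not found]
mail imaps[10161]: badlogin: host [10.10.10.10] plaintext earbatov SASL(-4): no mechanism available: desired canon_user plugin ldapdb not found
mail imaps[10170]: badlogin: host [10.10.10.11] plaintext jdoe SASL(-13): authentication failure: checkpass failed
"""

# Two shapes appear in the post: "<mech> [SASL(..): ..]" and
# "plaintext <user> SASL(..): ..", so the user and brackets are optional.
BADLOGIN = re.compile(
    r"badlogin: \S+ \[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"(?:(?P<user>\S+) )?\[?SASL\((?P<code>-?\d+)\): (?P<msg>.*?)\]?$"
)
MISSING_PLUGIN = re.compile(r"desired (?P<kind>\w+) plugin (?P<name>\S+) not found")

def parse_badlogin(line):
    """Return a dict for a badlogin line, or None for any other line."""
    m = BADLOGIN.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    missing = MISSING_PLUGIN.search(rec["msg"])
    if rec["code"] == -4 and missing:      # SASL_NOMECH: server-side problem
        rec["category"] = "server_misconfig"
        rec["plugin"] = missing.group("name")
    elif rec["code"] == -13:               # SASL_BADAUTH: credentials rejected
        rec["category"] = "auth_failure"
    else:
        rec["category"] = "other"
    return rec

def summarize(log_text):
    """Parse all lines; return (records, counts per category, missing plugins)."""
    records = [r for r in map(parse_badlogin, log_text.splitlines()) if r]
    counts = Counter(r["category"] for r in records)
    plugins = sorted({r["plugin"] for r in records if "plugin" in r})
    return records, dict(counts), plugins

if __name__ == "__main__":
    _, counts, plugins = summarize(SAMPLE_LOG)
    print(counts, "missing plugins:", plugins)
```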

