On 06/05/10 18:05 +0200, Julien Vehent wrote:
>Hey guys,
>
>I'm trying to allow my cyrus-imap server to bind to the LDAP directory
>using SASL and without the need of saslauthd.
>I have a working Slapd server that allows proxy authorization for user
>cyrus:
>
>---------
># ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:michel -H ldap://localhost
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>SASL username: u:michel
>SASL SSF: 128
>SASL data security layer installed.
>dn:cn=michel rene,ou=mail,dc=example,dc=net
>---------
>
>However, I can't make this work with imapd. I tried to reuse information
>from the man page, but it brought me nowhere...
>My imapd.conf contains the following (regarding sasl and ldap only):
>
>---------
># grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_auto_transition: no
>ldap_uri: ldap://localhost
>ldap_realm: example.net
>ldap_id: cyrus
>ldap_password: cyrusadmin
>---------

You can find documentation in doc/options.html within the sasl source, or
older documentation in the openldap source tree:

http://tinyurl.com/2eph2so

ldapdb is a sasl auxprop plugin, and its configuration items are not found
in the imapd.conf man page. A typical configuration looks like:

ldapdb_uri: ldap://ldap.example.com
ldapdb_id: root
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5

If that doesn't work, look for errors listed in your syslog auth facility
log (e.g. /var/log/auth.log).

-- 
Dan White
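
The mismatch discussed in this thread (ldap_* settings present while the ldapdb auxprop plugin is selected) can be checked mechanically. The following Python sketch is an added example, not part of the original messages or of Cyrus; the function names are hypothetical, the sample input is constructed from the settings quoted above, and accepting each ldapdb_* name with or without a sasl_ prefix is an assumption of this example.

```python
import re

# Option names taken from the "typical configuration" in the reply above.
TYPICAL = ("ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech")

# Constructed sample: the settings quoted in the original question.
SAMPLE_CONF = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_auto_transition: no
ldap_uri: ldap://localhost
ldap_realm: example.net
ldap_id: cyrus
ldap_password: cyrusadmin
"""

def parse_options(text):
    """Return {option: value} for 'name: value' lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            opts[m.group(1).lower()] = m.group(2).strip()
    return opts

def check_ldapdb(text):
    """Return a list of findings when the ldapdb auxprop plugin is selected."""
    opts = parse_options(text)
    findings = []
    if "ldapdb" not in opts.get("sasl_auxprop_plugin", "").split():
        return findings  # ldapdb not selected, nothing to check
    # Assumption: each name may appear bare or with a sasl_ prefix.
    for name in TYPICAL:
        if name not in opts and "sasl_" + name not in opts:
            findings.append("not set: " + name)
    # ldap_* keys are different options from ldapdb_*; flag likely mix-ups.
    for key in sorted(opts):
        if key.startswith("ldap_"):
            findings.append("not an ldapdb option: " + key)
    return findings

if __name__ == "__main__":
    for finding in check_ldapdb(SAMPLE_CONF):
        print(finding)
```

Run against the constructed sample, it reports the four ldapdb_* options as unset and the four ldap_* keys as not belonging to the plugin.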