Wolfgang,

Wolfgang Rosenauer wrote (04.02.2013 14:25):
> On Mon, Feb 4, 2013 at 10:07 AM, Marc Patermann
> <hans.moser@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > Wolfgang Rosenauer wrote (03.02.2013 20:29):
> >
> > > I'm running Cyrus imapd 2.3.x since quite some time for a group
> > > of users.
> > > My setup is LDAP based using saslauthd to pam_ldap currently and
> > > works just fine. But now I want to allow access to the mailboxes
> > > using the email address as an alternative to the system username.
> > >
> > > I have no real idea where to start how I could achieve that w/o
> > > changing the whole architecture of the system.
> > > Someone got a hint for me what to look at?
> >
> > I don't know much about pam_ldap, but as you have all the data in
> > LDAP, why not switch to auxprop ldapdb and configure your LDAP to
> > map the existing logins and mail address to the same object?
>
> I actually needed a pointer into the right direction and I guess that is
> one.
> I've never used sasl ldapdb though and I have a hard time figuring out
> how and what to do.

There are not too many options specific to ldapdb in SASL:
http://cyrusimap.org/docs/cyrus-sasl/2.1.25/options.php

Mine is somewhat like that:

sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
sasl_log_level: 5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://server.name
sasl_ldapdb_id: adminuser
sasl_ldapdb_pw: adminusersPW
sasl_ldapdb_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
sasl_minimum_layer: 0
sasl_ldapdb_starttls: demand

There are a few threads in the archive here.
http://asg.andrew.cmu.edu/archive/index.php?mailbox=archive.info-cyrus

> From the documentation I found it's also not clear to me if a crypted
> userPassword as I use in my LDAP can be used in that setup.

Look at this thread:
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&searchterm=auxprop%20ldap&msg=54167

> If I understand correctly all the hard work to match usernames is done
> via some regexp which should be powerful enough to let me search the
> login name in uid and mail attributes?

You have OpenLDAP, right?
Mostly yes. You need regex for "Mapping Authentication Identities"
http://www.openldap.org/doc/admin24/sasl.html#Mapping%20Authentication%20Identities
You may need "SASL Proxy Authorization" to switch from your ldapdb_id to the authenticating user.

> Or did you actually refer to a different mapping in LDAP?
>
> Is there some sort of HOWTO somewhere or is all the information really
> spread in openldap, sasl and imapd documentation only?

These are the tools involved. :)
But the least is IMAPd, SASL is few and most is OpenLDAP mapping.

Marc
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
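
Added example, not part of the original message or of either poster's configuration: a slapd.conf fragment for the OpenLDAP side of the setup discussed above, where a search-based authz-regexp maps a login given as either uid or mail to the same entry and the sasl_ldapdb_id identity is allowed to proxy-authorize. The suffix dc=example,dc=com, the ou=people container, the DN of adminuser and the realm-split second rule are assumptions.

```conf
# slapd.conf fragment (OpenLDAP 2.4 syntax).
# dc=example,dc=com and ou=people are constructed placeholders.

# Enable proxy authorization, controlled by the authzTo attribute
# stored on the entry that does the proxying (the sasl_ldapdb_id user).
authz-policy to

# Rule 1: SASL identity without a realm,
#   uid=<login>,cn=<mech>,cn=auth
# Search one level below ou=people for an entry whose uid OR mail
# equals the login string.
authz-regexp
    uid=([^,]*),cn=[^,]*,cn=auth
    ldap:///ou=people,dc=example,dc=com??one?(|(uid=$1)(mail=$1))

# Rule 2 (assumption: the part after "@" arrives as the SASL realm),
#   uid=<local>,cn=<realm>,cn=<mech>,cn=auth
# Reassemble the address and match it against mail only.
authz-regexp
    uid=([^,]*),cn=([^,]*),cn=[^,]*,cn=auth
    ldap:///ou=people,dc=example,dc=com??one?(mail=$1@$2)

# A search-based mapping is accepted only when it returns exactly one
# entry. Zero or several hits make the authentication fail, so uid and
# mail values have to be unique across ou=people, and no user's uid
# may equal another user's mail value.

# Proxy right for the ldapdb bind identity, as LDIF on its own entry
# (hypothetical DN for the adminuser from the imapd.conf above):
#
#   dn: uid=adminuser,ou=people,dc=example,dc=com
#   changetype: modify
#   add: authzTo
#   authzTo: dn.regex:^uid=[^,]+,ou=people,dc=example,dc=com$
#
# This value lets adminuser act as every entry under ou=people.
# Keep the pattern as narrow as the mail users' subtree and protect
# the sasl_ldapdb_pw secret in imapd.conf accordingly.
```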