On Mon, Feb 4, 2013 at 3:27 PM, Dan White <dwhite@xxxxxxx> wrote:
On 02/04/13 09:08 -0500, Adam Tauno Williams wrote:
>On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote:
>> I actually needed a pointer into the right direction and I guess that
>> is one.
>> I've never used sasl ldapdb though and I have a hard time figuring out
>> how and what to do.
>
>I have some examples for using ldapdb @
><http://www.wmmi.net/documents/LDAP103.pdf>
>
>> From the documentation I found it's also not clear to me if a crypted
>> userPassword as I use in my LDAP can be used in that setup.
>
>Hmmmm. I can't recall off the top of my head. I believe it SHOULD be
>possible to do LOGIN/PLAIN auth via ldapdb.
It should be possible to continue to use saslauthd for authentication (with crypted passwords) and then use ldapdb just as a canonicalization plugin.
I played around some more with openldap's SASL and ran exactly into the issue that SASL seems to explicitly _not_ support CRYPT userPasswords.
So yes, keeping saslauthd using PAM would help with that.
But now after reading quite some stuff about ldapdb I still have no idea what a "use ldapdb just as a canonicalization plugin" setup would look like. Any pointers to documentation which shows how that comes together starting from imapd.conf?
But this is the other way round from how I'd like it to behave. I have "simple" login names but want to allow people to log in with their email address.
As I understand the canonicalization feature it would return any attribute from an ldap entry but I'd need to search for the mail attribute and return the uid.
Or does it do the same sasl_regexp stuff so I could create a search from a sasl request?
Wolfgang