I'm trying to configure imapd to authenticate against an ldap directory using ldapdb and am running into problems. I provide hosting services (i.e. ftp, svn, mail, etc) for several people where user account information is stored in an openldap directory. In addition to having a username/password, each user also has a primary email account and a list of services that they are authorized to use. I've got authentication working using the a user's uid, but I need to change this so that users are only allowed access using their email address. I believe I need this to happen as well since I'm using the Cyrus' virtdomains option. Once that is done, I'll attempt to restrict access based on the existence of the proper "authorizedService" attribute. In hopes of requiring users login using their email address I set sasl_ldapdb_canon_attr, however that resulted in the following syslog messages (These same messages occur if comment out the canonuser_attr options in imapd.conf as well): imtest: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied imap[16385]: SQL engine 'mysql' not supported imap[16385]: auxpropfunc error no mechanism available imap[16385]: unable to canonify user and get auxprops imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-1): generic failure: unable to canonify user and get auxprops] I tracked down the ldapdb_canonuser_plug_init() error to ldapdb_config(). When the "ldapdb_uri" option is read, it apparently returns a null string reference which results in the SASL_BADPARAM being returned. Unfortunately, not fully understanding the SASL package, I'm not really sure where to go from here nor do I know if this will even solve my problem if it returns successfully. Any help in configuring this would be greatly appreciated. imapd.conf: configdirectory: /var/cyrus/config partition-default: /var/cyrus/spool admin: cyrusadmin sasl_pwcheck_method: auxprop sasl_auxprop_plugin: ldapdb sasl_ldapdb_uri: ldaps://localhost sasl_ldapdb_id: imapd-user sasl_ldapdb_pw: password sasl_canon_user_plugin: ldapdb sasl_ldapdb_canon_attr: mail sasl_mech_list: cram-md5 digest-md5 virtdomains: userid defaultdomain: example.com example ldap entry: dn: cn=test user,o=hosted_domain,ou=hosting,dc=example.com objectclass: top objectclass: inetOrgPerson objectclass: authorizedServiceObject cn: test user sn: user uid: tuser mail: tuser@xxxxxxxxxxx userPassword: password authorizedService: mail authorizedService: svn -- Peter Erickson redlamb19@xxxxxxxxx ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
