3.4.3 LDAP authentication HOWTO?

Hi, all.

I'm in the process of setting up a new Cyrus IMAPD 3.4.3 murder on RHEL 8 family.

I'm trying to replicate the functionality I currently have with 2.5.x, which is configured to use autocreate/virtual domains with SASL ldapdb authentication against OpenLDAP. AuthzRegexp directives in the slapd configuration successfully map e-mail address domains to the correct OU for account lookup/authentication; everything works beautifully. (MTA also routes based on LDAP, so autocreate works on either first-post or first-login as long as the LDAP account exists).

However, I'm running into difficulties trying to set up a similar configuration with 3.4.3. I keep getting "SASL(-13): user not found: unable to canonify user and get auxprops" errors when I attempt to authenticate.

I'm using the openldap-ltb-2.5.x packages for the LDAP server, and have successfully adapted my previous configuration so that LDAP authentication (to itself) works as expected, either with simple binds or SASL mechanisms. TLS is configured with a proper certificate, and I've verified that slapd is providing the intermediate certificate in addition to the server cert.

The configuration directives in 3.4.x for imapd.conf appear to have changed substantially, and I haven't found a lot of detail in the man pages relating to each option or how they're meant to interoperate.

I've tried replacing all the legacy sasl_ldapdb_* directives with ldap_* directives. The sasl_auxprop_plugin option appears to no longer be present, so I'm not sure which way to go.

I'm confused about whether PTS/ptloader is required for any/all LDAP authentication now; I don't need group membership stuff and it seems to be pretty complex to set up; from what I can glean it doesn't rely on the SASL/ldapdb realm mapping but requires its own configuration (and I'm not sure I can replicate the userid mapping currently provided by slapd for virtual domains).

I've also tried setting auth_mech: unix and moving all the SASL-related configuration into /etc/sasl2/imapd.conf, but with no change in behaviour.

So, can anyone point me in the right direction? Any advice will be gratefully received!

Nels Lindquist
----
<nlindq@xxxxxxx>

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T6b5aad68765fe943-Mfaa974897d36e2517ef34dc2