From memory, we are still on windows 2013 AD (not my decision) and because the cyrus server and AD are on the same LAN I believe we decided to just stick to plain LDAP lookups between cyrus and AD, so I might not have a solution.
Regards
Jim
Hi Jwallis
I am facing the same issues as yours although not exactly. I also belief that in the near future Microsoft will force us to use ldaps so I am trying to get Cyrus-imap authentication with windows 2022 AD over ldaps.
The only difference from you is that I don’t need ptloader I don’t need groups information. I only need user authentication.
Currently I managed to setup in the Lab a working cyrus-imap which authenticate through Windows 2022 AD over ldap (not secured and I could see the password in plain text)
I imported CA certificate and updated the local thrusted stores.
Executed the following command:
ldapwhoami -ZZ -H ldap://dnsservername -D "CN=xxxxx,CN=Users,DC=xxxxxxx,DC=xxx" -W
and I got the proper reply. Which indicate that the AD is accepting connections on LDAPS port and CA was properly imported.
I belief something is related to configurations in /etc/saslauthd.conf file
Do you have a typical /etc/saslauthd.conf file which permits authentication over LDAPS please?
Thanks
Denis
