Auth with ldapdb [checked for viruses]

Hans Moser hans.moser at ofd-sth.niedersachsen.de
Wed Aug 3 08:58:53 EDT 2005


Hi!

1. Chapter - "as is"
- I set up the "comes along with" Cyrus IMAPd on SuSE 9.2.
- I compiled SASL 2.1.21 with ldapdb.
- I connected to cyrus with cyradm and did "cm user.ck".
- I added a unix account ck.
-> ck can use IMAP

2. Chapter "ldapdb"
= There is an ldap-user cn=human,ou=mgr,o=foo, who should do the 
authentications. The real users are in ou=humans,o=foo.
= TLS works with ldap. I could ldapsearch with "-Z -x"
- I changed imapd.conf to
# sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprob
sasl_auxprob_plugin: ldapdb
sasl_ldapdb_uir: ldap://sartre.ador.no
sasl_ldapdb_id: cn=human,ou=mgr,o=foo
sasl_ldapdb_pw: secret
sasl_ldapdb_mech: PLAIN
# sasl_ldapdb_mech: DIGEST-MD5
sasl_ldapdb_starttls: Demand
sasl_ldap_search_base: ou=humans,o=foo
sasl_ldap_search_filter: uid=%U
- I added authzTo attribute to cn=human,ou=mgr,o=foo in my ldap
- I added authzTo-Policy in slapd.conf to map cn=human,... in 
ou=humans,o=foo.
- I am stuck. I don't see anything going on when I try to log in.

3. Chapter "The questions"
a) How to test with ldapsearch, what cyrus with ldapdb does?
b) Is sasl_ldapdb_id a SASL-id (cn=.*,cn=auth) or a ldap-id?
c) sasl_ldapdb_mech - If possible, all mechs should be PLAIN or with 
hashed passwords.
d) How to see what's going on? Logging?


Hans

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
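
A name check for the sasl_* settings shown in the post above, as an added example that is not part of the original message or of Cyrus. It compares option names in imapd.conf text against a short list of Cyrus SASL option names; the list is a subset chosen for this example, and the function and constant names are hypothetical.

```python
import difflib

# Subset of Cyrus SASL option names relevant to an ldapdb auxprop setup
# (assumption: extend this list from your SASL build's options documentation).
KNOWN_OPTIONS = {
    "pwcheck_method", "auxprop_plugin", "mech_list",
    "ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech",
    "ldapdb_rc", "ldapdb_starttls", "ldapdb_canon_attr",
}
PWCHECK_METHODS = {"auxprop", "saslauthd", "authdaemond", "pwcheck", "alwaystrue"}

def _hint(word, candidates, prefix=""):
    # Suggest the closest known spelling, if one is similar enough.
    near = difflib.get_close_matches(word, sorted(candidates), n=1, cutoff=0.8)
    return f"did you mean {prefix}{near[0]}?" if near else "not in the known list"

def lint_sasl_options(conf_text):
    """Return [(line_no, message)] for suspicious sasl_* lines in imapd.conf text."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines, comments, and non key:value lines
        key, value = (part.strip() for part in line.split(":", 1))
        if not key.startswith("sasl_"):
            continue  # only options that imapd hands to the SASL library
        name = key[len("sasl_"):]
        if name not in KNOWN_OPTIONS:
            findings.append((no, f"unknown option {key}: {_hint(name, KNOWN_OPTIONS, 'sasl_')}"))
        elif name == "pwcheck_method":
            for method in value.split():  # the value may list several methods
                if method not in PWCHECK_METHODS:
                    findings.append((no, f"unknown pwcheck_method {method}: {_hint(method, PWCHECK_METHODS)}"))
    return findings

# The settings exactly as quoted in the post above.
POSTED = """\
# sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprob
sasl_auxprob_plugin: ldapdb
sasl_ldapdb_uir: ldap://sartre.ador.no
sasl_ldapdb_id: cn=human,ou=mgr,o=foo
sasl_ldapdb_pw: secret
sasl_ldapdb_mech: PLAIN
# sasl_ldapdb_mech: DIGEST-MD5
sasl_ldapdb_starttls: Demand
sasl_ldap_search_base: ou=humans,o=foo
sasl_ldap_search_filter: uid=%U
"""

if __name__ == "__main__":
    for no, message in lint_sasl_options(POSTED):
        print(f"line {no}: {message}")
```
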