Passing full userid or realm to SASL
Edward Rudd
eddie at omegaware.com
Wed Oct 5 10:21:59 EDT 2005
On Wed, 2005-10-05 at 01:31 -0500, Marcus I. Ryan wrote:
> I've set up SASL with an LDAP backend that checks for a user in either
> the ou of the SASL realm, or the ou matching their domain (so
> user at domain.tld as the username or user with domain.tld as the realm).
>
> I got it working using testsaslauthd, but when I try it through IMAP it
> appears IMAP strips the domain from the userid before it passes it to
> SASL, and doesn't pass it as a realm. I can handle it either way
> (passing a username of userid at domain.tld or having it passed in as a
> userid and a realm), but it doesn't seem to do either. Am I missing a
> setting/configuration option, or does this require some kind of code
> patch?
[snip]
>
> Any thoughts are appreciated. Thanks.
What version of SASL are you using? What version of Cyrus IMAP?
Are you using %u and %f in the ldap_filter configuration in
saslauthd,.conf? The userid is sent in %u and the realm (domain) in %r.
(this is in cyrus sasl version 2.1.20, cyrus imapd 2.2.12)
Also try setting the virtdomains: userid in /etc/imapd.conf (if using
cyrus 2.2.x) That will ensure that cyrus sends the whole userid to
sasl.
--
Edward Rudd <eddie at omegaware.com>
More information about the Info-cyrus
mailing list