<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Mon, Feb 4, 2013 at 3:27 PM, Dan White <span dir="ltr"><<a href="mailto:dwhite@olp.net" target="_blank">dwhite@olp.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im">On 02/04/13 09:08 -0500, Adam Tauno Williams wrote:<br>
>On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote:<br>
>> I actually needed a pointer in the right direction and I guess that<br>
>> is one.<br>
>> I've never used sasl ldapdb though and I have a hard time figuring out<br>
>> how and what to do.<br>
><br>
>I have some examples for using ldapdb @<br>
><<a href="http://www.wmmi.net/documents/LDAP103.pdf" target="_blank">http://www.wmmi.net/documents/LDAP103.pdf</a>><br>
><br>
>> From the documentation I found it's also not clear to me if a crypted<br>
>> userPassword as I use in my LDAP can be used in that setup.<br>
><br>
>Hmmmm. I can't recall off the top of my head. I believe it SHOULD be<br>
>possible to do LOGIN/PLAIN auth via ldapdb.<br>
<br>
</div>It should be possible to continue to use saslauthd for authentication (with<br>
crypted passwords) and then use ldapdb just as a canonicalization plugin.<br></blockquote></div><br></div><div class="gmail_extra">I played around some more with OpenLDAP's SASL and ran exactly into the issue that SASL seems to explicitly _not_ support CRYPT userPasswords.<br>
</div><div class="gmail_extra">So yes, keeping saslauthd using PAM would help with that.<br></div><div class="gmail_extra">But now, after reading quite some stuff about ldapdb, I still have no idea what "use ldapdb just as a canonicalization plugin" would look like. Any pointers to documentation which shows how that comes together starting from imapd.conf?<br>
<br></div><div class="gmail_extra">I found some snippets for example here:<br><a href="http://comments.gmane.org/gmane.mail.imap.cyrus/29985">http://comments.gmane.org/gmane.mail.imap.cyrus/29985</a><br><br></div><div class="gmail_extra">
But this is the other way round from how I'd like it to behave. I have "simple" login names but want to allow people to log in with their email address.<br></div><div class="gmail_extra">As I understand the canonicalization feature, it would return any attribute from an LDAP entry, but I'd need to search for the mail attribute and return the uid.<br>
</div><div class="gmail_extra">Or does it do the same sasl_regexp stuff so I could create a search from a sasl request?<br><br><br></div><div class="gmail_extra">Wolfgang<br></div><div class="gmail_extra"><br></div></div>