Using LDAP with Cyrus [was: Re: [Diffusion] [Committed] rI0b8b7ab02b36: Documentated several saslauthd ldap options.]

Nic Bernstein nic at onlight.com
Tue Mar 13 12:44:34 EDT 2018


Dan,
I am trying for the first time to set up Cyrus (3.0.4 & 3.0.5) with 
ptloader, sasl auxprop, etc.  Even though I've used LDAP for many years, 
I've only ever used saslauthd with mech=ldap or mech=pam, and a fairly 
simple configuration.  For example:

    ldap_servers: ldapi://%2fvar%2frun%2fopenldap%2fldapi
    ldap_bind_dn: cn=proxyUser,ou=systems,dc=example,dc=com
    ldap_bind_pw: secret
    ldap_filter: (|(&(|(uid=%u)(mail=%u)(mailRoutingAddress=%u))(objectClass=person))(&(cn=%u)(objectClass=organizationalRole)))
    ldap_search_base: dc=example,dc=com

When I search my archive of the cyrus-devel list, the only references to 
ldap in the subjects are you making some commits to the old Phabricator 
system.  Unfortunately all of the associated tracking from that era is 
gone.  Could you perhaps provide some guidance on this? (see below)  
I've looked in the modern-day equivalent to the affected documents 
listed below, but don't see many notes on LDAP.

I was hoping to write up some comprehensive documentation on using LDAP 
with Cyrus, as there is currently nothing beyond the imapd.conf(5) man 
page.  Any help you could provide would be most welcome.  The only 
cogent examples I find online are all from you, but are many years old, 
so I have no frame of reference as to how accurate they still are.  If 
you would prefer to discuss this off-list, or via phone, please advise.

Specifically, I am trying to configure so that users may authenticate 
with either just UID (i.e. "nic") or email address (i.e. 
"nic at onlight.com").  The saslauthd example shown above does just this, 
but Cyrus still only works with the simple user ID, not the email 
address, which is what leads me to trying ptloader and auxprop.

Anyone else,
I would welcome working LDAP configuration examples from any and all, 
just remember to obfuscate or remove any security information.

Thanks in advance,
     -nic

On 03/14/2016 02:52 AM, Phabricator wrote:
> Dan White <dwhite at olp.net> committed rI0b8b7ab02b36: Documentated several saslauthd ldap options. (authored by Dan White <dwhite at olp.net>).
> Herald added auditors: Documentation.
>
> Documentated several saslauthd ldap options.
>
>
> AFFECTED FILES
>    /doc/Administrator_Guide/en-US/Administrator_Guide.xml
>    /doc/Administrator_Guide/en-US/appe-Mailbox_Distribution.xml
>    /doc/Administrator_Guide/en-US/part-Configuration_Reference.xml
>    /doc/Deployment_Guide/Makefile
>    /doc/Deployment_Guide/en-US/Deployment_Guide.xml
>    /doc/Deployment_Guide/en-US/Deployment_Scenarios.xml
>    /doc/Deployment_Guide/en-US/Performance_Recommendations.xml
>
> USERS
>    Documentation (Auditor)
>
> COMMIT
>    https://git.cyrus.foundation/rI0b8b7ab02b36
>
> EMAIL PREFERENCES
>    https://git.cyrus.foundation/settings/panel/emailpreferences/
>
> To: davies, nicolan, onlight, amor, admin, vanmeeuwen

-- 

Nic Bernstein                             nic at onlight.com
Onlight Inc.                              www.onlight.com
6525 W Bluemound Rd., Ste 24              v. 414.272.4477
Milwaukee, Wisconsin  53213-4073      f. 414.290.0335
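
An added illustration, not part of the original message and not saslauthd's own code, of how the `ldap_filter` quoted above resolves either login form to the same entry. It assumes `%u` is replaced by the login after RFC 4515 escaping; the directory entries, addresses and function names are constructed for the example.

```python
import re

# Filter copied from the saslauthd configuration in the message above.
LDAP_FILTER = ("(|(&(|(uid=%u)(mail=%u)(mailRoutingAddress=%u))(objectClass=person))"
               "(&(cn=%u)(objectClass=organizationalRole)))")

# Constructed sample directory entries (not from the original message).
ENTRIES = [
    {"dn": "uid=nic,ou=people,dc=example,dc=com", "uid": ["nic"],
     "mail": ["nic@example.com"], "objectClass": ["person"]},
    {"dn": "cn=postmaster,ou=roles,dc=example,dc=com", "cn": ["postmaster"],
     "objectClass": ["organizationalRole"]},
]

def escape_value(value):
    """RFC 4515 escaping: backslash, *, (, ) and NUL become \\XX hex pairs."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, login):
    """Assumed model of %u expansion: escape the login, then substitute it."""
    return template.replace("%u", escape_value(login))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def evaluate(flt, entry, pos=0):
    """Evaluate an and/or/equality filter; returns (matched, next_pos)."""
    op = flt[pos + 1]
    if op in "&|":
        pos += 2
        results = []
        while flt[pos] == "(":          # one recursive call per sub-filter
            matched, pos = evaluate(flt, entry, pos)
            results.append(matched)
        return (all(results) if op == "&" else any(results)), pos + 1
    end = flt.index(")", pos)           # safe: escaped values contain no ")"
    attr, _, value = flt[pos + 1:end].partition("=")
    have = [v.lower() for v in entry.get(attr, [])]
    return unescape(value).lower() in have, end + 1

def lookup(login):
    """Return the DNs of the constructed entries that the expanded filter selects."""
    flt = expand(LDAP_FILTER, login)
    return [e["dn"] for e in ENTRIES if evaluate(flt, e)[0]]
```

Because the login is escaped before substitution, a value such as `*` is compared as a literal string and cannot turn an equality test into a presence match.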
