Looking for canon_user plugin

Dieter Kluenter dieter at dkluenter.de
Fri Sep 22 03:31:31 EDT 2006


Torsten Schlabach <tschlabach at gmx.net> writes:

> Hi all!
>
> Does anyone know of any ready made plugins available to canonicalize
> (c14n) usernames on the SASL layer?
>
> What I would be looking for was a plugin which looks up and sets an
> authz (authorization id) from LDAP given a username.
>
> What I want to achieve is this:
>
> I have a Cyrus IMAPd server, which is using SASL (saslauthd, to be
> exact) to handle user logins. I want a user to be able to login using
> a nickname and I would expect such a plugin to do a lookup against
> LDAP to find that user's real userid (=mailbox name) and set it as the
> authorization id.
>
> By default, IMAPd assumes authorization id == authentication id and
> some IMAP clients don't have a proper way to specify different
> authentication and authorization id.
>
> If there was such a plugin, some hints on how to configure such a
> plugin would be nice as well.

The auxprop ldapdb combined with an appropriate slapd.conf and a well
defined regex for authTo attribute could do this. Although there would
be no need to transform nick to userid.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6



More information about the Cyrus-sasl mailing list