Cyrus IMAPd -> SASL auxprop-plugin: ldapdb -> OpenLDAP

Torsten Schlabach tschlabach at
Tue Sep 26 02:09:58 EDT 2006


Let me start with the same sentence which seems to belong to this 
subject: I have read the archives and docs for days, ...

Let me try to keep my question as simple as possible:

My /etc/imapd.conf:

sasl_pwcheck_method: auxprop

sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://
sasl_ldapdb_id: cn=admin,dc=xxxxx,dc=yy
sasl_ldapdb_pw: *****

Alternatively I tried

sasl_ldapdb_id: admin

What I would expect to see happening is:

1. User logs on to IMAPd and supplies a username and a password. (I am 
trying this using cyradm.)

2. Username and password are passed on to the SASL layer.

3. The SASL layer finds out that I am using ldapdb, so it passes the 
username / password onto an LDAP bind.

4. OpenLDAP is supposed to do the sasl-regexp mapping, locate the object 
to authenticate agains and just do it.

Step #4 seems to be ok, as I can test that with

ldapwhoami -U admin

I get an authentication success.

But trying through cyradm I don't even see any activity on the LDAP log. 
  So it appears as if IMAPd completely ignores any of the auxprop_plugin 
settings and goes straight to sasldb, which I guess is the default.

How can I debug that?

How can I make sure the settings I have made in /etc/imapd.conf have an 
effect at all?

As SASL is a library and not a process in itself, I would probably have 
to tell IMAPd to do some more logging, don't I?


More information about the Cyrus-sasl mailing list