saslauthd with ldap directory as backend

Dan White dwhite at
Mon Jan 25 13:26:59 EST 2010

On 25/01/10 18:55 +0100, Eric Belhomme wrote:
>* What I want to do ?
>- enable SASL auth for postfix
>- migrate from dovecot to cyrus Imapd+Murder
>- enable SASL auth for cyrus imapd and murder, using my LDAP directory
>* What I did :
>installing saslauthd with this config :
>ldap_servers: ldap://
>ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
>ldap_bind_pw: ***passwd***
>ldap_filter: (&(uid=%u)(objectClass=evePerson))
>ldap_search_base: ou=People,dc=eve-team,dc=com
>ldap_scope: one
>Then I started saslauthd daemon like this :
>/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d

Try using the testsaslauthd to verify your saslauthd config.

>Finally, I tried to test the auth with test tools :
>On a shell :
>cyrus:~# sasl-sample-server -s host -p /usr/lib/sasl2 
>Generating client mechanism list...
>Sending list of 6 mechanism(s)
>Waiting for client mechanism...

saslauthd will not be used by default, without customizing your sasl

You will need to configure the 'pwcheck_method' to include the saslauthd

echo "pwcheck_method: saslauthd" > /usr/lib/sasl2/sample.conf (which
sasl-sample-server should reference)

You will also need to set the same setting for your postfix sasl config:
/etc/postfix/sasl/smtpd.conf, and within your imapd.conf

By default, the sasl library will query your auxprop plugins for plain text
authentication, rather than saslauthd.

The sasl library options are documented in 'doc/options.html' within
the sasl source.

Dan White
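
As an added example (not part of the original message or of the Cyrus SASL sources), the script below audits an application's SASL config for the settings this reply describes. It rests on these assumptions: the function names `get_opt` and `check_sasl_conf` are hypothetical, options inside imapd.conf carry a `sasl_` prefix, and the `mech_list` option is used to restrict offered mechanisms to the plaintext ones (PLAIN, LOGIN) that saslauthd can verify.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a SASL application
# config for the settings that decide whether saslauthd is consulted.

# get_opt FILE KEY -> value of the last "KEY: value" line, trimmed
get_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_sasl_conf FILE [PREFIX]
# PREFIX is "sasl_" for imapd.conf and empty for libsasl's own files
# (smtpd.conf, sample.conf). Returns 0 only when saslauthd is selected
# and every listed mechanism is a plaintext one it can verify.
check_sasl_conf() {
    file=$1
    prefix=${2:-}
    rc=0
    method=$(get_opt "$file" "${prefix}pwcheck_method")
    mechs=$(get_opt "$file" "${prefix}mech_list" | tr '[:lower:]' '[:upper:]')

    case " $method " in
        *" saslauthd "*)
            echo "ok: ${prefix}pwcheck_method includes saslauthd" ;;
        *)
            echo "FAIL: ${prefix}pwcheck_method is '${method:-unset}', saslauthd will not be consulted"
            rc=1 ;;
    esac

    if [ -z "$mechs" ]; then
        echo "WARN: ${prefix}mech_list unset, every installed mechanism may be offered"
        rc=1
    fi
    for m in $mechs; do
        case $m in
            PLAIN|LOGIN) ;;
            *) echo "WARN: $m is not verified through saslauthd"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh check_sasl.sh /etc/postfix/sasl/smtpd.conf
#        sh check_sasl.sh /etc/imapd.conf sasl_
if [ $# -gt 0 ]; then check_sasl_conf "$@"; fi
```

Because PLAIN and LOGIN send the password itself to the server, a config that passes this check should only be reachable over TLS.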