saslauthd with ldap directory as backend

Dan White dwhite at olp.net
Mon Jan 25 13:26:59 EST 2010


On 25/01/10 18:55 +0100, Eric Belhomme wrote:
>* What I want to do ?
>
>- enable SASL auth for postfix
>- migrate from dovecot to cyrus Imapd+Murder
>- enable SASL auth for cyrus imapd and murder, using my LDAP directory
>
>* What I did :
>
>installing saslauthd with this config :
>
>ldap_servers: ldap://127.0.0.1/
>ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
>ldap_bind_pw: ***passwd***
>ldap_filter: (&(uid=%u)(objectClass=evePerson))
>ldap_search_base: ou=People,dc=eve-team,dc=com
>ldap_scope: one
>
>Then I started saslauthd daemon like this :
>
>/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d

Try using testsaslauthd to verify your saslauthd config.

>Finally, I tried to test the auth with test tools :
>
>On a shell :
>cyrus:~# sasl-sample-server -s host -p /usr/lib/sasl2 
>Generating client mechanism list...
>Sending list of 6 mechanism(s)
>S: TE9HSU4gRElHRVNULU1ENSBQTEFJTiBDUkFNLU1ENSBOVExNIEFOT05ZTU9VUw==
>Waiting for client mechanism...

saslauthd will not be used by default, without customizing your sasl
configuration.

You will need to configure the 'pwcheck_method' to include the saslauthd
option:

echo "pwcheck_method: saslauthd" > /usr/lib/sasl2/sample.conf

(which sasl-sample-server should reference)

You will also need to set the same setting for your postfix sasl config:
/etc/postfix/sasl/smtpd.conf, and within your imapd.conf
(sasl_pwcheck_method).

By default, the sasl library will query your auxprop plugins for plain text
authentication, rather than saslauthd.

The sasl library options are documented in 'doc/options.html' within
the sasl source.

-- 
Dan White
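
The reply above names three places where pwcheck_method has to include saslauthd. The shell check below is an added example, not part of the original message: it reads each file and reports the configured method. The function names are hypothetical and /etc/imapd.conf is an assumed location for imapd.conf.

```shell
#!/bin/sh
# Added example, not from the original thread: report which password
# verifier each SASL consumer named in the reply is configured to use.

# Print the first pwcheck_method value found in a "key: value" config file.
# $1 = file, $2 = optional key prefix ("sasl_" inside imapd.conf).
# Falls back to "auxprop", the library default described in the reply.
pwcheck_method_of() {
    [ -r "$1" ] || return 1
    awk -v k="${2:-}pwcheck_method" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k ":") == 1) {
                v = substr(line, length(k) + 2)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; found = 1; exit
            }
        }
        END { if (!found) print "auxprop" }' "$1"
}

# Succeed only if saslauthd is one of the configured methods
# (the option takes a space-separated list).
uses_saslauthd() {
    case " $(pwcheck_method_of "$1" "${2:-}") " in
        *" saslauthd "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Paths from the reply; /etc/imapd.conf is an assumed location.
audit_sasl_configs() {
    for entry in /usr/lib/sasl2/sample.conf: /etc/postfix/sasl/smtpd.conf: \
                 /etc/imapd.conf:sasl_; do
        file=${entry%%:*} prefix=${entry#*:}
        if [ ! -r "$file" ]; then state="not readable"
        elif uses_saslauthd "$file" "$prefix"; then state="saslauthd"
        else state="NOT saslauthd: $(pwcheck_method_of "$file" "$prefix")"
        fi
        printf '%-30s %s\n' "$file" "$state"
    done
}

audit_sasl_configs
```

A file reported as "NOT saslauthd" means that service never contacts the saslauthd daemon, whatever the LDAP settings in the saslauthd config are.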

