Information about SASL and LDAP

Dan White dwhite at olp.net
Wed Nov 30 17:17:17 EST 2011


On 30/11/11 04:58 -0600, Dan White wrote:
>On 30/11/11 11:16 +0100, Christian Roessner wrote:
>>Hello,
>>
>>I had some email contact with Patrick-Ben Koetter and we both tried to
>>figure out some SASL configuration. We came to a point, where he gave me
>>this mailing list address and told me, I could meet Dan White here.
>>
>>To speak for myself: I have the following situation:
>>
>>A running Postfix server with cyrus sasl (module ldapdb). The ldapdb
>>connects to my LDAP server, which has passwords in cleartext in the
>>userPassword attribute. This is a working setup, but sure you guess, I do
>>not really like cleartext passwords in the database.
>>
>>Yet we could not find out if it is possible to create LDAP schema
>>attributes like:
>>
>>cmusaslsecretCRAM-MD5
>>cmusaslsecretDIGEST-MD5 and
>>cmusaslsecretNTLM
>
>I am not sure. I have not ever used those attributes, and assumed that they
>were used in cyrus sasl version 1.

That isn't correct. After taking a closer look, those attributes appear to
have been added some time around the 2.1.3 release.

This draft provides some additional details as to what they are used for:

http://tools.ietf.org/html/draft-melnikov-sasl-auxprop-attrs-00

Perhaps Alexey could provide some background on their usage.

-- 
Dan White

