imap and ldap

Alain Williams addw at phcomp.co.uk
Thu Dec 11 16:04:42 EST 2003


On Thu, Dec 11, 2003 at 10:32:33AM -0500, Igor Brezac wrote:
> 
> On Thu, 11 Dec 2003, Geert Reijnders wrote:
> 
> > OK, I tried to reconfigure cyrus-sasl with the following options
> > --with-ldap=/etc/ldap (because I had to give a directory)
> 
> It appears that saslauthd configure script cannot find openldap libs on
> your system.  Check saslauthd/config.log and search for LDAP.

I have just installed & configured cyrus on a SuSE Linux box. I was going to
put up a small write-up, but here is some of it now.

I had to:

	ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

Tweak master.c (version 1.82), starting line 138, insert:

	#include <tcpd.h>

	/* libwrap expects the program to define these two globals */
	int allow_severity = LOG_DEBUG;
	int deny_severity = LOG_ERR;

I had a flirtation with kerberos (trying to authenticate off MS active directory) before
giving up and moving to ldap.

	ln -s /etc/saslauthd.conf /usr/local/etc/saslauthd.conf

That file contains:
	# Config file for SASL with ldap
	# ADDW - December 2003

	# The 2 ldap servers on the main site:
	ldap_servers: ldap://172.17.5.1:389/ ldap://172.17.5.2:389/

	# This doesn't work, the servers don't appear to be listening to ldaps
	#ldap_servers: ldaps://172.17.5.1:636/

	ldap_filter: SAMAccountName=%u
	ldap_version: 3

	# Who we bind as - ie the user that we use to ask the question:
	ldap_bind_dn: cn=AccountName,ou=staff,dc=oaklands,dc=ac,dc=uk
	ldap_bind_pw: TopSecret

	# The ''domain'' within which we search:
	ldap_search_base: ou=students,ou=academic,DC=oaklands,dc=ac,dc=uk

	# end

Thanks to Trey Tabner <trey at tabner.com> for giving me this useful URL:

	http://www.bynari.net/Resellers/docs/bynari_ad_integration.txt

One of the distributed files is: saslauthd/LDAP_SASLAUTHD

I must admit that I find the testing/verification side of authentication very
difficult to do if things go wrong; there is little information that is given to
help trace problems. There is also an assumption that you are intimate with the
workings of your authentication mechanism. But I like Cyrus, which is why I
will document what I have done so that others can follow.


-- 
Alain Williams

#include <std_disclaimer.h>

FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
best interests of our children. See http://www.fathers-4-justice.org
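
An added example, not part of the original post and not Cyrus project code: a small checker for a saslauthd.conf like the one above. It reports when the bind and user passwords would cross the network over plain ldap:// and renders the search filter for a test user so the lookup can be reproduced by hand. The function names are hypothetical; ldap_start_tls and ldap_password are saslauthd options that the post's config does not use.

```python
import re

# Sample input: the option lines of the saslauthd.conf shown in the post.
SAMPLE = """\
ldap_servers: ldap://172.17.5.1:389/ ldap://172.17.5.2:389/
ldap_filter: SAMAccountName=%u
ldap_version: 3
ldap_bind_dn: cn=AccountName,ou=staff,dc=oaklands,dc=ac,dc=uk
ldap_bind_pw: TopSecret
ldap_search_base: ou=students,ou=academic,DC=oaklands,dc=ac,dc=uk
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def render_filter(conf, user):
    """Expand %u for one user, parenthesised for use with ldapsearch."""
    flt = conf["ldap_filter"].replace("%u", escape_filter_value(user))
    return flt if flt.startswith("(") else "(%s)" % flt

def audit(conf):
    """Return findings about how the configured secrets are exposed."""
    findings = []
    start_tls = conf.get("ldap_start_tls", "no").lower() in ("yes", "true", "1", "on")
    for url in conf.get("ldap_servers", "").split():
        if url.lower().startswith("ldap://") and not start_tls:
            findings.append("cleartext: %s (no ldaps, no ldap_start_tls)" % url)
    if "ldap_bind_pw" in conf or "ldap_password" in conf:
        findings.append("secret-in-file: keep saslauthd.conf readable only by the saslauthd user")
    return findings

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    print(render_filter(conf, "jsmith"))
    print("\n".join(audit(conf)))
```

The rendered filter can be passed to ldapsearch (-x -H for the server, -D and -W for the bind DN, -b for the search base) to test the directory lookup separately from saslauthd.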