auth against LDAP

Jules Agee julesa at pcf.com
Fri Oct 29 13:51:50 EDT 2004 

It's not that bad... certainly a lot better than it used to be. You have 
to set it up to accept plain passwords, authenticate against saslauthd 
(in the sasl2-bin package, in case you haven't got that far already), 
and set up saslauthd to authenticate against the LDAP server. You also 
want to set up SSL since the IMAP/POP passwords must be sent in plaintext.

For Debian, see the docs that Henrique put together in the 
/usr/share/doc/cyrus21-doc directory. (You did apt-get install 
cyrus21-doc, right?)

On Debian, put following in /etc/default/saslauthd:
START=yes
MECHANISMS="ldap"
PARAMS="-O /etc/saslauthd.conf"

Then put the parameters for your LDAP connection in /etc/saslauthd.conf. 
See /usr/share/doc/sasl2-bin/LDAP_SASLAUTHD.gz

Generate your SSL certificates using openssl or some nice gui tool like 
tinyca and put their locations in /etc/imapd.conf. I believe you will 
also need the following options set in imapd.conf (Someone please 
correct me if I'm wrong):
sasl_mech_list: LOGIN PLAIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd

Use testsaslauthd to make sure you have that part working before you 
start testing Cyrus. Then use imtest, pop3test, lmtptest and friends in 
the cyrus21-clients package to check whether those are working (see 
respective man pages). Or you can just use a regular mail client, but 
the command-line testers give you a little more info when they fail.

Once you have everything working, turn off your regular imap/pop in 
/etc/cyrus.conf and only allow SSL/TLS connections



EISELE Pascal wrote:
> I've got the same problem :( It's not simple...
> 
> Fred Blaise a écrit :
> 
>> Hello all
>>
>> I have a regular cyrus install working and an openldap up and running. I
>> am running ubuntu on this machine, but the "real" machine will be debian
>> sarge.
>>
>> I would like to set up cyrus to use ldap.
>>
>> Any pointers? any best way to do it? Links? howtos? :)
>>
>> thanks a lot
>>
>> fred
>>
>> ---
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>  
>>
> 
> 
> 
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.htm
> l


-- 
Jules Agee
System Administrator
Pacific Coast Feather Co.
julesa at pcf.com      x284
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list