auth against LDAP
Uli Schellhaas
uli.schellhaas at leute.server.de
Fri Oct 29 04:17:25 EDT 2004
Hello,

we configured saslauthd for plaintext mechanisms (PLAIN, Login), so it can
use PAM, and PAM is configured to query against an LDAP server. If
username/password can log into the LDAP server, you are authenticated.
I think there are other ways of doing it (e.g. not using PAM as an extra
mechanism), but it's working well!
We also only support imaps and have the LDAP query SSL protected.

Cyrus server is 2.0:

/etc/imapd.conf:
sasl_pwcheck_method: pam

Cyrus server is 2.1 (I think):

/etc/imapd.conf:
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd

Start the saslauthd daemon with
"saslauthd -a pam"

/etc/pam.d/imap:
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
account sufficient /lib/security/pam_ldap.so

Don't forget to edit /etc/openldap/ldap.conf or
/etc/ldap/ldap.conf; maybe your distribution has it even in
/etc/pam_ldap.conf.
There you can point pam_ldap to your LDAP.

Greetings
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
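
The three pieces in the message above (imapd.conf, the saslauthd command line, and /etc/pam.d/imap) have to agree for this chain to work. The following consistency check is an added example, not part of the original post or of Cyrus; the function names and the rules it applies are assumptions based on the setup described, and the "bad" inputs are constructed.

```python
import shlex

PLAINTEXT_MECHS = {"plain", "login"}  # saslauthd only verifies plaintext passwords
# Inputs copied from the post (Cyrus 2.1 variant)
IMAPD_CONF = "sasl_mech_list: plain login\nsasl_pwcheck_method: saslauthd\n"
SASLAUTHD_CMD = "saslauthd -a pam"
PAM_IMAP = ("#%PAM-1.0\n"
            "auth sufficient /lib/security/pam_ldap.so\n"
            "account sufficient /lib/security/pam_ldap.so\n")
# Constructed broken variants: an extra mechanism, and a missing account line
BAD_IMAPD_CONF = "sasl_mech_list: plain login cram-md5\nsasl_pwcheck_method: saslauthd\n"
BAD_PAM_IMAP = "#%PAM-1.0\nauth sufficient /lib/security/pam_ldap.so\n"

def parse_imapd_conf(text):
    """Parse imapd.conf 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def pam_types_using(text, module):
    """Return the PAM groups (auth, account, ...) whose lines load `module`."""
    types = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and any(f.rsplit("/", 1)[-1] == module for f in fields[2:]):
            types.add(fields[0].lstrip("-"))
    return types

def audit(imapd_conf, saslauthd_cmd, pam_imap):
    """Return a list of findings; an empty list means the three pieces agree."""
    findings = []
    opts = parse_imapd_conf(imapd_conf)
    if opts.get("sasl_pwcheck_method", "").lower() != "saslauthd":
        findings.append("sasl_pwcheck_method is not saslauthd")
    mechs = set(opts.get("sasl_mech_list", "").lower().split())
    if not mechs:
        findings.append("sasl_mech_list is unset, so all installed mechanisms are offered")
    elif mechs - PLAINTEXT_MECHS:
        findings.append("mechanisms saslauthd cannot verify: " + " ".join(sorted(mechs - PLAINTEXT_MECHS)))
    argv = shlex.split(saslauthd_cmd)
    if (argv[argv.index("-a") + 1] if "-a" in argv[:-1] else None) != "pam":
        findings.append("saslauthd is not started with -a pam")
    for kind in sorted({"auth", "account"} - pam_types_using(pam_imap, "pam_ldap.so")):
        findings.append("/etc/pam.d/imap has no %s line for pam_ldap.so" % kind)
    return findings
```

To check a live host, pass the contents of the real files and the running saslauthd command line to audit().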