IMAP auths even without valid mailboxes.
sbalmos at members.simunex.com
Mon Apr 4 10:33:43 EDT 2005
Use pam_ldap in conjunction with the pam_check_service_attr option in
its config file. Then add authorizedService attributes for every PAM
service you want. Cyrus can get especially fine-grained, because it has
four separate PAM services (one each for POP3, IMAP, NNTP, and Sieve).
See below for a section of my account LDIF. Note that SASL does not
append "d" to its service entries, like you think it would. That screwed
me over the first time I tried to get this setup going.
Ezsra McDonald wrote:
>My current system is SuSe 8.1. This version of saslauthd was not
>compiled with LDAP support. It currently hands off authentication to
>pam_ldap. I have looked for the cyrus_sasl src RPM for the version I am
>running. I would rebuild it but apparently it is not available. It looks
>like I will have to hack a later RPM and see if I can get it to work on
>Does anyone know how to give pam_ldap a filter to use? That would be my
>quickest fix. I will be investigating that now.
>On Sun, 2005-04-03 at 14:07, OndÅ™ej SurÃ½ wrote:
>>It's not task for IMAP server, but for SASL auth daemon. You have to
>>construct LDAP query in sasl so it allow only users which have mail to
>>login. Either create some special flag in LDAP.
>>F.E.: "ldap_filter: (&(uid=%u)(allowCyrusLogin=true))" or something
>>On Fri, 2005-04-01 at 13:02 -0800, Ezsra McDonald wrote:
>>>Is there a setting to tell IMAP not to allow
>>>authenticated users who don't have cyrus accounts?
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus