More Virtual Domains, SASL and LDAP

Igor Brezac igor at
Tue May 17 23:56:29 EDT 2005

On Tue, 17 May 2005, Bill MacAllister wrote:

> Hello,
> We are having trouble getting our hands around using Virtual Domains with 
> LDAP.  We have Cyrus IMAP server working as we expect, but the SASL 
> configuration is a bit of a puzzle.  We have assigned each virtual domain an 
> IP address.  I would like to connect to the ldap server and set the base 
> using a saslauthd.conf file like:
> ldap_servers: ldap://ldap.%r

This will not work.  %r will not expand...

> ldap_search_base: ou=people,dc=%2,dc=%1
> ldap_filter: uid=%u
> This does not seem to work.  I never see any attempt to contact the LDAP 
> server.  What I see in /var/local/messages is:
> May 17 00:14:09 bb2 saslauthd[32500]: do_auth         : auth failure: 
> [user=weezer] [service=imap] [] [mech=ldap] [reason=Unknown]
> I never did see any documentation saying that %r, %1-%9 where useful anywhere 
> else by in the filter, but there is a note about using realms with ldap.

Which documentation are you reading?  See 

> Should I expect to be able to set the servers and base using the meta 
> characters?  If this is not possible how do I get sasl to support multiple 
> search bases and/or multiple LDAP servers?

You can use tokens in search bases, but not in ldap_servers...

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list