Cyrus & Active Directory

Paul Boven p.boven at
Sat Jul 8 09:06:54 EDT 2006

Hi everyone,

Nikola Milutinovic wrote:
>> Does anyone have a working recipe for getting Cyrus to authenticate
>> via Active Directory?  I would greatly appreciate any assistance
>> you can offer.

> I have tried my best to integrate Cyrus IMAP into ADS properly, but
> have almost always fallen short. My colleague and I have managed to
> get AUTH PLAIN to work, via SASLAuth Daemon, using LDAP.

> My further attempt to use GSSAPI/Kerberos5 were met with limited
> success. Kerberos5 works, I created a service account in ADS (a
> normal user-like account), created and extracted a Kerberos5 key for
> IMAP/ at MY.REALM and I was able to use "cyradm" and
> authenticate via Kerberos against ADS. Unfortunately, the only client
> I was able to make use this mechanism was Thunderbird 1.5 on SuSE
> Linux 10.0. All other clients, including Outlook Express, failed to
> connect from a Windows workstation.

I've setup a working Cyrus/Sendmail/Active directory integration about 
two years ago which has been working near flawlessly. I did a 
presentation about it at the Dutch NLUUG conference in may 2005. The 
paper unfortunatly is in Dutch, but if there's enough interest I could 
translate it. Hopefully the code-examples provide enough of a lead already.

Regards, Paul Boven.

More information about the Info-cyrus mailing list