cyrus-imapd + sasl + ldap

Igor Brezac igor at ipass.net
Wed May 10 12:39:29 EDT 2006


On Wed, 10 May 2006, Rudy Gevaert wrote:

> I forgot to add the following:
>
> jura:/mail/mail1/etc# cat imapd.conf
> admins: cyrus
> allowanonymouslogin: no
> altnamespace: yes
> configdirectory: /mail/mail1/var/imap
> defaultdomain: ugent.be
> defaultpartiton: default
> duplicatesuppression: 1
> expunge_mode: delayed
> hashimapspool: 1
> mboxkey_db: skiplist
> mboxlist_db: skiplist
> netscapeurl: http://mail.UGent.be/netscape.html
> partition-default: /mail/mail1/imap
> quotawarn: 90
> sasl_pwcheck_method: saslauthd
> servername: mail.UGent.be
> sendmail: /usr/lib/sendmail
> sievedir: /mail/mail1/sieve
> sieveusehomedir: false
> singleinstancestore: 1
> soft_noauth: 1
> subscription_db: flat
> #sync_authname:
> #sync_host:
> #sync_log:
> #sync_machineid: 1
> #sync_password:
> #sync_realm:
> #sync_repeat_interval:
> #sync_shutdown_file:
> syslog_prefix: mail1
> #tls_cert_file: /mail/mail1/etc/mail.pem
> #tls_key_file: /mail/mail1/etc/mail.pem
> timeout: 30
> virtdomains: userid
>
>
> jura:/mail/mail1/etc# cat cyrus.conf
> # configuratie mail1.ugent.be
>
> START {
>  # do not delete this entry!
>  recover       cmd="ctl_cyrusdb -C /mail/mail1/etc/imapd.conf -r"
>
>  # this is only necessary if using idled for IMAP IDLE
> #  idled                cmd="idled -C /mail/mail1/etc/imapd.conf"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/sockets
> SERVICES {
>  # add or remove based on preferences
>  imap          cmd="imapd -C /mail/mail1/etc/imapd.conf" 
> listen="mail1.ugent.be:imap" prefork=5
>  imaps         cmd="imapd -C /mail/mail1/etc/imapd.conf -s" 
> listen="mail1.ugent.be:imaps" prefork=1
>  pop3          cmd="pop3d -C /mail/mail1/etc/imapd.conf" 
> listen="mail1.ugent.be:pop3" prefork=3
>  pop3s         cmd="pop3d -C /mail/mail1/etc/imapd.conf -s" 
> listen="mail1.ugent.be:pop3s" prefork=1
>  sieve         cmd="timsieved -C /mail/mail1/etc/imapd.conf" 
> listen="mail1.ugent.be:sieve" prefork=0
>
>  # these are only necessary if receiving/exporting usenet via NNTP
> #  nntp         cmd="nntpd -C /mail/mail1/etc/imapd.conf" listen="nntp" 
> prefork=3
> #  nntps                cmd="nntpd -C /mail/mail1/etc/imapd.conf -s" 
> listen="nntps" prefork=1
>
>  # at least one LMTP is required for delivery
>  lmtp          cmd="lmtpd -C /mail/mail1/etc/imapd.conf" 
> listen="mail1.ugent.be:lmtp" prefork=10
> #  lmtpunix     cmd="lmtpd -C /mail/mail1/etc/imapd.conf" 
> listen="/var/imap/socket/lmtp" prefork=1
>
>  # this is only necessary if using notifications
> #  notify       cmd="notifyd -C /mail/mail1/etc/imapd.conf" 
> listen="/var/imap/socket/notify" proto="udp" prefork=1
> }
>
> EVENTS {
>  # this is required
>  checkpoint    cmd="ctl_cyrusdb -C /mail/mail1/etc/imapd.conf  -c" period=30
>
>  # this is only necessary if using duplicate delivery suppression,
>  # Sieve or NNTP
>  delprune      cmd="cyr_expire -C /mail/mail1/etc/imapd.conf -E 3" at=0400
>
>  # this is only necessary if caching TLS sessions
>  tlsprune      cmd="tls_prune -C /mail/mail1/etc/imapd.conf" at=0400
> }
>
>
>
> jura:/mail/mail1/etc# cat /etc/saslauthd.conf
> ldap_auth_method: custom
> ldap_bind_dn: cn=mailadm.ro,cn=ldapadm
> ldap_bind_pw: *oink*
> ldap_default_real: UGent.be
> ldap_filter: (&(ugentMailUid=%u)(ugentMailAccountStatus=enabled))

ldap_filter: (&(ugentMailUid=%u%R)(ugentMailAccountStatus=enabled))

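or, if this does not work, undo my ldap_filter change and instead run saslauthd with -r, which combines the realm with the login (user@realm) before the lookup: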

saslauthd -r -a ldap

-Igor

> ldap_password_attr: userPassword
> ldap_search_base: ou=mail,dc=UGent,dc=be
> ldap_servers: ldaps://ldap.ugent.be:636/
> ldap_version: 3
>
>
>
>
>

-- 
Igor

