ldap authentication problem

Dmitriy Kirhlarov dkirhlarov at oilspace.com
Thu Oct 26 06:09:03 EDT 2006


Hi, list

I'm using cyrus imapd 2.3.7 with an ldap user database and everything
works fine in the simple case.
For user accounts I use ou=users,o=firm.

Now I want to make an admin account in a different part of the DIT,
uid=cyrus,ou=virtusers,o=firm, but I have a problem.

My imapd.conf:
----
...
ldap_filter: (uid=%u)
ldap_scope: one
ldap_base: ou=users,o=firm
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_sasl: no
ldap_uri: ldap://ldap
ldap_start_tls: yes
pts_module: ldap
...
----

My saslauthd.conf:
----
ldap_servers: ldaps://ldap
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_search_base: ou=%3,o=%2
ldap_default_realm: users.firm.com
ldap_filter: uid=%U
----

saslauthd works fine -- I tested it with testsaslauthd.  I can
authenticate as 'user', 'user@users.firm.com' and
'cyrus@virtusers.firm.com' in one ldap DIT.

But cyrus imapd works only with short names of users. I tested it with
imtest.
Variations with ldap_filter (uid=%u | uid=%U | uid=%U,ou=%3,o=%2),
ldap_scope (one | sub) and ldap_base (ou=users,o=firm | o=firm) in
different combinations do not help to make authentication work for
cyrus@virtusers.firm.com.
Where is the problem?

Thanks.
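
Added example, not part of the original post and not code from Cyrus SASL or Cyrus IMAP: a simplified Python model of how the saslauthd.conf tokens above turn each login into a search base and filter, plus a check of which DNs a fixed ldap_base/ldap_scope pair can reach. The function names, the default-realm fallback for logins without a domain, and the naive comma split of DNs are assumptions of this sketch.

```python
import re

# Values copied from the saslauthd.conf in the post.
DEFAULT_REALM = "users.firm.com"   # ldap_default_realm
SEARCH_BASE = "ou=%3,o=%2"         # ldap_search_base
FILTER = "uid=%U"                  # ldap_filter


def expand(template, login, default_realm=DEFAULT_REALM):
    """Expand %u, %U, %d and %1-%9 for one login.

    Assumption of this sketch: a login without '@' takes its domain
    from the default realm.
    """
    user, _, domain = login.partition("@")
    domain = domain or default_realm
    labels = domain.split(".")[::-1]   # %1 = tld, %2 = next label, ...

    def repl(match):
        tok = match.group(1)
        if tok in "%uUd":
            return {"%": "%", "u": login, "U": user, "d": domain}[tok]
        idx = int(tok) - 1
        if idx >= len(labels):
            # Sketch's choice: refuse rather than build an empty RDN.
            raise ValueError(f"%{tok} has no label in domain {domain!r}")
        return labels[idx]

    return re.sub(r"%([%uUd1-9])", repl, template)


def resolve(login):
    """Search base and filter saslauthd would use under this model."""
    return expand(SEARCH_BASE, login), expand(FILTER, login)


def in_scope(dn, base, scope):
    """Can a search at `base` with scope 'one' or 'sub' return `dn`?

    Naive comma split: DNs with escaped commas are not handled.
    """
    rdns = [r.strip().lower() for r in dn.split(",")]
    base_rdns = [r.strip().lower() for r in base.split(",")]
    if len(rdns) < len(base_rdns) or rdns[-len(base_rdns):] != base_rdns:
        return False
    depth = len(rdns) - len(base_rdns)
    return depth == 1 if scope == "one" else True
```

Under this model saslauthd derives a different search base per login, while the fixed ldap_base: ou=users,o=firm with ldap_scope: one from the posted imapd.conf cannot return an entry under ou=virtusers.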

