Authentication in LDAP with different UID

Guus Leeuw jr. Guus.Leeuw at guusleeuwit.com
Mon Jan 8 13:36:08 EST 2007 

Hello,

 

First of all a couple of questions:

1)       Are you planning to manage multiple domains’ mail, or just the
domain.com mail?

2)       Can you post the contents of the canonical.cf file that postfix
uses for canonical mapping?

3)       Why would you want SASL to talk to PAM for PAM to talk to LDAP? Why
not do the whole thing in 1 go?

 

I belief, you told imapd to use the PLAIN mechanism
 AFAIK PLAIN is not
equal to PAM in terms of mechanism
 OK, PAM method, I could understand, but
then again, that raises question 3.

 

Can you bind to the LDAP server with the uid 12345? Can you bind to LDAP
with user.12345 at domain.com?

 

Without answers, it would be difficult to help (for me).

 

Regards,

Guus

 

   _____  

From: info-cyrus-bounces at lists.andrew.cmu.edu
[mailto:info-cyrus-bounces at lists.andrew.cmu.edu] On Behalf Of Jose Morelli
Neto
Sent: 08 January 2007 12:07
To: info-cyrus at lists.andrew.cmu.edu
Subject: Authentication in LDAP with different UID

 

Hello,

I am updating the mail server at my work and in this process I decided to
change the Courier-IMAP for the Cyrus-IMAP, however I still came across
myself with a problem without solution (at least for me). Here, all users
have an personal ID who is used to effect the authentication in some systems
(also in the mail). For example, an user with the personal ID 12345 possess
the mail HYPERLINK "mailto:user at domain.com"user at domain.com


If I create the mailbox in cyrus with the personal ID (cm user.12345), I can
connect through imap/pop3 and cyrus get access to the mailbox without
problems (using as user 12345), however when sending a message for this
user, postfix delivery saw LMTP for cyrus, that does not locate mailbox
(with the error: lmtpunix [5514]: to verify_user (user.12345) failed:
Mailbox you donate not exist). Then if I create mailbox with the user's mail
( cm HYPERLINK "mailto:user.user at domain.com"user.user at domain.com), the
message is delivery without problems from postfix to cyrus (that it finds
mailbox), however I can't have access to mailbox saw IMAP/POP using as login
the person code (12345) and only the email ( HYPERLINK
"mailto:user at domain.com"user at domain.com). 

The authentication of cyrus is made by SASL using the mechanism PAM (that it
validates through  LDAP). 


It follows some configurations to facilitate the understanding: 
/etc/imapd.conf --------------------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca- bundle.crt
virtdomains: userid
defaultdomain: HYPERLINK "http://domain.com"domain.com
/etc/imapd.conf --------------------------------------

/etc/postfix/main.cf --------------------------------
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
canonical_maps = proxy:ldap:/etc/postfix/ldap/canonical.cf 
/etc/postfix/main.cf --------------------------------

usuário.ldif -------------------------
dn: uid=12345,ou=users,dc=domain,dc=com
uid: 12345
cn: Test User
sn: test
loginShell: /bin/false
uidNumber: 90001
mail: HYPERLINK "mailto:user at domain.com"user at domain.com 
quota: 20971520
gidNumber: 513
homeDirectory: /home/user
mailbox: /home/user/Maildir/
mailHost: HYPERLINK "http://siaimail10.domain.com"siaimail10.domain.com
description: description
enableMail: S
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: CourierMailAccount
objectClass: inetLocalMailRecipient 
usuário.ldif -------------------------

 
 I tried through postfix, modify/create/use some macro (those used in
HYPERLINK "http://master.cf"master.cf: ${user} ${extension}) that it passed
to cyrus the personal ID (in the place of the address) but I did not have
success. 
 
 I made with the SASL authenticate in LDAP using the UID, but did not give
very certain, therefore cyrus uses proper login to locate mailbox, and thus
I don't deliver the message saw lmtp (therefore mailbox was with the name of
the user). 
 
 
 The only thing next than I found of what necessary patch of the Kolab was
one that allows (theoretically, I did not make tests) to consult the virtual
domínios through ldap. 
 
I used canonical_maps in postfix quering ldap for the mail ( HYPERLINK
"mailto:user at domain.com"user at domain.com) and returning email (HYPERLINK
"mailto:12345 at dominio.com"12345 at dominio.com), but for virtual domains I
would have to add a new attribute in LDAP with the personal ID + the domain.


 Someone has experience in this integration and that it can help me? 
 
 
 thank's for attention.
Neto.


-- 
José Morelli Neto
HYPERLINK "http://josemorelli.net"http://josemorelli.net 

--
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.433 / Virus Database: 268.16.7/619 - Release Date: 07/01/2007
18:29


-- 
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.433 / Virus Database: 268.16.7/619 - Release Date: 07/01/2007
18:29
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20070108/e5084870/attachment-0001.html

More information about the Info-cyrus mailing list