Backup LDAP authentication

Nic Bernstein nic at
Thu Dec 17 10:13:59 EST 2009

On Thu, 2009-12-17 at 14:35 +0100, nunatarsuaq wrote:

> I'd like to configure cyrus to authenticate via an additional backup
> LDAP server when the main one fails.
> Is it possible?

You didn't give us much to go on, such as which version of Cyrus or
which authentication method you are using -- saslauthd or PTS module,
but here's a guess.  In /etc/imapd.conf you may specify more than one
server using the "ldap_uri" setting for the PTS loader.  From the
imapd.conf man page:

        ldap_uri: <none>
            Contains a list of the URLs of all the LDAP servers when
        using the LDAP PTS module.

Full details on the PTS loader options are in the imapd.conf man page.

If you are using saslauthd, then the proper parameter is ldap_servers
in /etc/saslauthd.conf, which takes a space delimited list of ldap URIs:

        ldap_servers: ldap:// ldap://

You may find full details of the configuration of saslauthd in the
LDAP_SASLAUTHD file, which is part of the cyrus_sasl distribution.  On
many systems with binary installations you may find this file somewhere
like /usr/share/doc/cyrus-sasl-2.1.22/LDAP_SASLAUTHD

Best regards,

Nic Bernstein                             nic at
Onlight llc.                    
219 N. Milwaukee St., Suite 2a            v. 414.272.4477
Milwaukee, Wisconsin  53202

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list