Cyrus-imapd/Saslauthd/LDAP login access
Wesley Craig
wes at umich.edu
Wed Apr 14 13:33:18 EDT 2010
On 14 Apr 2010, at 12:42, Shelley Waltz wrote:
> I wish a simple way to control who in the LDAP database may login
> and autocreate a cyrus imap account. Not everyone in the LDAP
> database, just certain users. Any suggested methods?
>
> I have RHEL5 with
> cyrus-imapd-2.3.7-7
> cyrus-sasl-2.1.22-5
> and use
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> and /etc/sysconfig/saslauthd
> MECH=ldap
Is there something in LDAP that defines who may or may not have
access? If so, you can modify the LDAP search so only the authorized
users are returned, e.g.:
(&(uid=$uid)(something=imap))
Does this make sense?
Or, ... taking a look at:
http://idms.rutgers.edu/ldap/authn-authz.shtml
it seems that the Rutgers LDAP servers have a pretty robust,
per-application authorization model.
:wes
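
Added example, not part of the original message: how the filter suggested above could look in /etc/saslauthd.conf, with the unrestricted filter shown beside it for comparison. The server URI and search base are constructed placeholders, "something=imap" is the reply's own placeholder attribute, and %u is saslauthd's token for the login name (written as $uid in the reply).

```conf
# /etc/saslauthd.conf  (read by saslauthd when MECH=ldap)

# Constructed placeholder values; replace with your directory's.
ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=people,dc=example,dc=com

# If the directory does not allow anonymous searches, also set
# ldap_bind_dn and ldap_password for a read-only service account.

# Unrestricted filter: any entry whose uid matches the login name is
# found, so every user in the directory can authenticate.
#ldap_filter: (uid=%u)

# Restricted filter: the entry must match the login name AND carry the
# authorizing attribute. Entries without it are not returned by the
# search, so saslauthd rejects the login before Cyrus sees the user.
# "something=imap" is the placeholder from the reply; substitute the
# attribute and value that mark IMAP users in your schema.
ldap_filter: (&(uid=%u)(something=imap))
```

After restarting saslauthd, running testsaslauthd -u <user> -p <password> -s imap for one user with the attribute and one without it confirms that only the first is accepted.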