Different backend authentications for Cyrus IMAP
Dan White
dwhite at olp.net
Wed Dec 8 09:54:17 EST 2010
On 08/12/10 10:05 +0100, Rudy Gevaert wrote:
>On 12/07/2010 10:33 PM, Dan White wrote:
>
>> If both domains can authenticate via LDAP (or Kerberos), you might check
>> out a recent thread on the OpenLDAP-technical list titled 'Pass-Through
>> authentication', which discusses a couple of alternatives.
>
>Hi Dan, I can't find what you are referring through in their archives.
>Can you give me an other pointer please.
Sure,
You can find it here:
http://www.openldap.org/lists/openldap-technical/201011/msg00184.html
The gist of the thread is that the poster had multiple AD servers that the
he wanted to authenticate to, and there were two solutions given:
1. Perform Kerberos authentication from saslauthd.
2. Set up a back-meta relay from within OpenLDAP to hide the AD servers
behind, and do LDAP authentication from saslauthd.
A couple of other possibilities:
If your libsasl is compiled with courier authdaemon support, you might be able to
do:
sasl_pwcheck_method: saslauthd authdaemond
sasl_saslauthd_path: /path/to/zimbra/mux
sasl_authdaemond_path: /path/to/courier/authdaemon
And then configure authdaemond to authenticate to AD via LDAP.
--
Dan White
More information about the Info-cyrus
mailing list