Different backend authentications for Cyrus IMAP

Dan White dwhite at olp.net
Wed Dec 8 09:54:17 EST 2010


On 08/12/10 10:05 +0100, Rudy Gevaert wrote:
>On 12/07/2010 10:33 PM, Dan White wrote:
>
>> If both domains can authenticate via LDAP (or Kerberos), you might check
>> out a recent thread on the OpenLDAP-technical list titled 'Pass-Through
>> authentication', which discusses a couple of alternatives.
>
>Hi Dan, I can't find what you are referring to in their archives.
>Can you give me another pointer please?

Sure,

You can find it here:

http://www.openldap.org/lists/openldap-technical/201011/msg00184.html

The gist of the thread is that the poster had multiple AD servers that
he wanted to authenticate to, and there were two solutions given:

1. Perform Kerberos authentication from saslauthd.
2. Set up a back-meta relay from within OpenLDAP to hide the AD servers
behind, and do LDAP authentication from saslauthd.

A couple of other possibilities:

If your libsasl is compiled with courier authdaemon support, you might be able to
do:

sasl_pwcheck_method: saslauthd authdaemond
sasl_saslauthd_path: /path/to/zimbra/mux
sasl_authdaemond_path: /path/to/courier/authdaemon

And then configure authdaemond to authenticate to AD via LDAP.

-- 
Dan White

