Cyrus-Imap and auxprop ldap

Dan White dwhite at
Thu May 6 12:28:54 EDT 2010

On 06/05/10 18:05 +0200, Julien Vehent wrote:
>Hey guys,
>I'm trying to allow my cyrus-imap server to bind to the LDAP directory
>using SASL and without the need of saslauthd.
>I have a working Slapd server that allows proxy authorization for user
># ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:michel -H ldap://localhost
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>SASL username: u:michel
>SASL SSF: 128
>SASL data security layer installed.
>dn:cn=michel rene,ou=mail,dc=example,dc=net
>However, I can't make this work with imapd. I tried to reuse information
>from the man page, but it brought me nowhere...
>My imapd.conf contains the following (regarding sasl and ldap only):
># grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_auto_transition: no
>ldap_uri: ldap://localhost
>ldap_id: cyrus
>ldap_password: cyrusadmin

You can find documentation in doc/options.html within the sasl source, or
older documentation in the openldap source tree:

ldapdb is a sasl auxprop plugin, and its configuration items are not
found in the imapd.conf man page. A typical configuration looks like:

ldapdb_uri: ldap://
ldapdb_id: root
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5

If that doesn't work, look for errors listed in your syslog auth facility
log (e.g. /var/log/auth.log).

Dan White
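
An added example, not part of Dan White's reply or of the Cyrus code: a small Python check for the mismatch discussed above, where the posted imapd.conf sets ldap_* keys instead of the ldapdb_* options the plugin reads. It assumes imapd's convention of passing sasl_-prefixed options through to the SASL library (so ldapdb_uri is written sasl_ldapdb_uri in imapd.conf); the function names and the CHANGE_ME password are hypothetical.

```python
# Assumption: imapd passes "sasl_"-prefixed options to the SASL library, so the
# plugin's ldapdb_* options are written as sasl_ldapdb_* in imapd.conf.
REQUIRED = ("ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech")

def parse_conf(text):
    """Return {key: value} for 'key: value' lines, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip()] = value.strip()
    return opts

def lint_ldapdb(text):
    """Return findings for a config that is meant to use auxprop with ldapdb."""
    opts = parse_conf(text)
    findings = []
    if opts.get("sasl_pwcheck_method") != "auxprop":
        findings.append("sasl_pwcheck_method is not auxprop")
    if "ldapdb" not in opts.get("sasl_auxprop_plugin", "").split():
        findings.append("sasl_auxprop_plugin does not select ldapdb")
    for name in REQUIRED:
        if name in opts:
            findings.append(name + " needs the sasl_ prefix in imapd.conf")
        elif not opts.get("sasl_" + name):
            findings.append("missing sasl_" + name)
    findings += [k + " is not an ldapdb option" for k in sorted(opts) if k.startswith("ldap_")]
    return findings

# Constructed samples: settings quoted in the question, then a corrected set.
POSTED = """sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_auto_transition: no
ldap_uri: ldap://localhost
ldap_id: cyrus
ldap_password: cyrusadmin
"""
FIXED = """sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: cyrus
sasl_ldapdb_pw: CHANGE_ME
sasl_ldapdb_mech: DIGEST-MD5
"""

if __name__ == "__main__":
    print("\n".join(lint_ldapdb(POSTED)))
```

Since the bind password sits in the file in clear text, keep imapd.conf readable only by the account the server runs as.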

