Cyrus-Imap and auxprop ldap

Dan White dwhite at olp.net
Thu May 6 12:28:54 EDT 2010


On 06/05/10 18:05 +0200, Julien Vehent wrote:
>Hey guys,
>
>I'm trying to allow my cyrus-imap server to bind to the LDAP directory
>using SASL and without the need of saslauthd.
>I have a working Slapd server that allows proxy authorization for user
>cyrus:
>
>---------
># ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:michel -H ldap://localhost
>SASL/DIGEST-MD5 authentication started
>Please enter your password:
>SASL username: u:michel
>SASL SSF: 128
>SASL data security layer installed.
>dn:cn=michel rene,ou=mail,dc=example,dc=net
>---------
>
>However, I can't make this work with imapd. I tried to reuse information
>from the man page, but it brought me nowhere...
>My imapd.conf contains the following (regarding sasl and ldap only):
>
>---------
># grep -E "sasl|ldap" /etc/imapd.conf |grep -v "#"
>sasl_pwcheck_method: auxprop
>sasl_auxprop_plugin: ldapdb
>sasl_auto_transition: no
>ldap_uri: ldap://localhost
>ldap_realm: example.net
>ldap_id: cyrus
>ldap_password: cyrusadmin
>---------

You can find documentation in doc/options.html within the sasl source, or
older documentation in the openldap source tree:

http://tinyurl.com/2eph2so

ldapdb is a sasl auxprop plugin, and its configuration items are not
found in the imapd.conf man page. A typical configuration looks like:

ldapdb_uri: ldap://ldap.example.com
ldapdb_id: root
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5

If that doesn't work, look for errors listed in your syslog auth facility
log (e.g. /var/log/auth.log).

-- 
Dan White
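
A check for the option-name mismatch discussed in this thread, added here as an example and not code from either poster or from the Cyrus project: it reads imapd.conf text and, when ldapdb is the selected auxprop plugin, reports which of the ldapdb_* options named in the reply are absent and which ldap_* keys are present instead. The sasl_ prefix on those options inside imapd.conf and the function names are assumptions of this example.

```python
import re

# Option names the ldapdb auxprop plugin reads, as listed in the reply above.
LDAPDB_KEYS = ("ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech")
# Assumption: imapd.conf hands options to SASL under a "sasl_" prefix, as the
# sasl_pwcheck_method / sasl_auxprop_plugin lines in the question suggest.
PREFIX = "sasl_"

def parse_conf(text):
    """Return {key: value} for 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def check_ldapdb(text):
    """Return findings (key names only, never values) for an ldapdb setup."""
    opts = parse_conf(text)
    findings = []
    if "ldapdb" not in opts.get(PREFIX + "auxprop_plugin", "").split():
        return findings  # ldapdb not selected, nothing to check
    for key in LDAPDB_KEYS:
        if PREFIX + key not in opts:
            if key in opts:
                findings.append(f"{key}: present without the {PREFIX} prefix")
            else:
                findings.append(f"{PREFIX}{key}: missing")
    # ldap_* names are a different option family from ldapdb_*
    for key in sorted(opts):
        if key.startswith("ldap_"):
            findings.append(f"{key}: not an ldapdb option (expected ldapdb_*)")
    return findings

# Constructed sample: the options quoted in the question.
QUESTION_CONF = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_auto_transition: no
ldap_uri: ldap://localhost
ldap_realm: example.net
ldap_id: cyrus
ldap_password: cyrusadmin
"""

if __name__ == "__main__":
    for finding in check_ldapdb(QUESTION_CONF):
        print(finding)
```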

