alternative login names
Wolfgang Rosenauer
wrosenauer at gmail.com
Mon Feb 4 12:03:11 EST 2013
On Mon, Feb 4, 2013 at 3:27 PM, Dan White <dwhite at olp.net> wrote:
> On 02/04/13 09:08 -0500, Adam Tauno Williams wrote:
> >On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote:
> >> I actually needed a pointer into the right direction and I guess that
> >> is one.
> >> I've never used sasl ldapdb though and I have a hard time figuring out
> >> how and what to do.
> >
> >I have some examples for using ldapdb @
> ><http://www.wmmi.net/documents/LDAP103.pdf>
> >
> >> From the documentation I found it's also not clear to me if a crypted
> >> userPassword as I use in my LDAP can be used in that setup.
> >
> >Hmmmm. I can't recall off the top of my head. I believe it SHOULD be
> >possible to do LOGIN/PLAIN auth via ldapdb.
>
> It should be possible to continue to use saslauthd for authentication (with
> crypted passwords) and then use ldapdb just as a canonicalization plugin.
>
I played around some more with openldap's SASL and ran exactly into the
issue that SASL seems to explicitely _not_ support CRYPT userPasswords.
So yes, keeping saslauthd using PAM would help with that.
But now after reading quite some stuff about ldapdb I still have no idea
how a "use ldapdb just as a canonicalization plugin" would look like. Any
pointers to documentation which shows how that comes together starting from
imapd.conf.
I found some snippets for example here:
http://comments.gmane.org/gmane.mail.imap.cyrus/29985
But this is the other way round as I'd like it to behave. I have "simple"
login names but want to allow people to login with their email address.
As I understand the canonicalization feature it would return any attribute
from an ldap entry but I'd need to search for the mail attribute and return
the uid.
Or does it do the same sasl_regexp stuff so I could create a search from a
sasl request?
Wolfgang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20130204/668f7856/attachment.html
More information about the Info-cyrus
mailing list