[snip]
Well, I don't really see how to map LDAP uids (which are normally also login names for servers/workstations) to email addresses (on which cyrus operates). The only alternative would be to not use vdomains in cyrus and use the MTA to deliver mails to any of the mail addresses of a user to <uid>. However, I would definitely like to see some solution for this.
[snip]
My 2 cents. Cyrus 2.2 supports virtual domains and SASL has or at least can be properly patched for LDAP authentication. It always seemed to me like SASL was the cyrus way to do authentication. That is currently what I use for imap. Maybe something else is needed. Here's a snippet of my config (I use a custom schema).

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: LDAPDB
sasl_ldap_user: <server_dn>
sasl_ldap_passwd: <server_pass>
sasl_ldap_hostnames: ldap://127.0.0.1
sasl_ldap_filter: (&([EMAIL PROTECTED])(objectclass=iqMailAccount)(IqEnabled=TRUE))
sasl_ldap_basedn: <base_dn>

I store email explicitly because the account may not correspond to a login.

The downsides:
* Patching SASL if the upstream stream isn't ready (I'm using a patched package myself).
* Getting SASL working in the first place. saslauthd wasn't too bad, it took a while to figure out auxprop.
* Unless you store password in plain-text in the directory, you can't use MD5-CRAM/MD5-DIGEST, IIRC. So you have to make sure the LDAP server is well locked down.

Philip Thiem
Isn't it obvious lumberjacks love traffic lights?
GPG Pub Key Archived at wwwkeys.us.pgp.net
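The last downside in the message above (hashed directory passwords versus the challenge-response mechanisms), worked through as an added example that is not part of the original message or of Cyrus SASL's code. It assumes the directory would otherwise hold an {SSHA} userPassword value; the function names, password, salt and challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac

def ssha(password: bytes, salt: bytes) -> str:
    """LDAP-style {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_plain(stored: str, offered: bytes) -> bool:
    """PLAIN/LOGIN: the client sends the password, so a salted hash suffices."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(offered + salt).digest(), digest)

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """RFC 2195: hex HMAC-MD5 of the server challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def verify_cram_md5(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """The server recomputes the HMAC, so it needs the key the client used."""
    expected = cram_md5_response(stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"correct horse"                        # constructed sample password
    salt = b"\x01\x02\x03\x04"                         # constructed fixed salt
    challenge = b"<1896.697170952@mail.example.org>"   # constructed challenge
    hashed_entry = ssha(password, salt)                # what a hashed directory holds
    client_response = cram_md5_response(password, challenge)
    return {
        # Password sent over the wire: checkable against the salted hash.
        "plain_vs_hash": verify_plain(hashed_entry, password),
        # Challenge-response with the cleartext secret available to the server.
        "cram_vs_plaintext": verify_cram_md5(password, challenge, client_response),
        # Same response checked with only the {SSHA} string as key: no match.
        "cram_vs_hash": verify_cram_md5(hashed_entry.encode(), challenge,
                                        client_response),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the cleartext secret has to be readable by the bind DN in sasl_ldap_user, that account's read access to the password attribute is what the "locked down" remark applies to.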

