> But with Cyrus, I need to somehow pass information up the stack pertaining
> to the IP address the request came from.  In turn, with a pam_ldap module
> that is IP-address aware, I can switch directory trees based on IP-address
> and I think my problem will be solved.
>
> In other words, say I have two imap sockets listening: 172.0.0.1:143 and
> 172.0.0.2:143, both for different domains.  A request comes in on
> 172.20.0.1.  SASL would grab the IP address of the local end of the
> connection and pass that to PAM, along with the user id and password.
> Then, the pam_ldap module would first check its config file to see what
> LDAP tree to use for that IP address, then do its search and return.
> Currently, the config file for pam_ldap is /etc/ldap.conf and it has
> directives like:

you could always use the sasl_ldap patches, assuming each of your imapd's has
a separate imapd.conf (the link is somewhere in the openldap.org faq-o-matic)

in the imapd.conf for someplace.com

sasl_pwcheck_method: ldap
sasl_ldap_server: ldap.ofs.edu.sg
sasl_ldap_basedn: ou=people,dc=someplace,dc=com

in the imapd.conf for someotherplace.com

sasl_pwcheck_method: ldap
sasl_ldap_server: ldap.ofs.edu.sg
sasl_ldap_basedn: ou=people,dc=someotherplace,dc=com

etc, etc.

I have this working successfully with cyrus-imapd 2.0.12
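
An added example, not part of the original reply or of the sasl_ldap patches: a Python check that per-domain imapd.conf files using the option names shown above each point at a distinct LDAP subtree that does not overlap another domain's. The instance names, the `BAD` config and the assumption that an overlapping base DN lets one domain's search reach another domain's users are constructed for illustration.

```python
# Added example; option names are those in the post, config texts are constructed.
def parse_imapd_conf(text):
    """Parse 'option: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def split_dn(dn):
    """Normalise a DN into (attr, value) pairs; assumes no escaped commas."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def overlaps(dn_a, dn_b):
    """True if one DN equals or is an ancestor of the other."""
    a, b = split_dn(dn_a), split_dn(dn_b)
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    return long_[len(long_) - len(short):] == short

def audit(configs):
    """configs maps instance name -> imapd.conf text; returns findings."""
    findings, seen = [], {}
    for name, text in sorted(configs.items()):
        opts = parse_imapd_conf(text)
        if opts.get("sasl_pwcheck_method") != "ldap":
            findings.append(f"{name}: sasl_pwcheck_method is not ldap")
        base = opts.get("sasl_ldap_basedn", "")
        if not base:
            findings.append(f"{name}: sasl_ldap_basedn missing")
            continue
        for other, other_base in seen.items():
            if overlaps(base, other_base):
                findings.append(f"{name}: base DN overlaps with {other}")
        seen[name] = base
    return findings

COMMON = "sasl_pwcheck_method: ldap\nsasl_ldap_server: ldap.ofs.edu.sg\n"
SOMEPLACE = COMMON + "sasl_ldap_basedn: ou=people,dc=someplace,dc=com\n"
OTHER = COMMON + "sasl_ldap_basedn: ou=people,dc=someotherplace,dc=com\n"
# Constructed misconfiguration: base DN is the parent of someplace's tree.
BAD = COMMON + "sasl_ldap_basedn: DC=someplace, DC=com\n"
if __name__ == "__main__":
    print(audit({"someplace": SOMEPLACE, "someotherplace": OTHER, "test": BAD}))
```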
