Kevin,

I have done all the proper configs in the cyrus.conf and imap.conf files.
I think my problem here is the lack of documentation for the cyrus sasl
patches.  I have tried various things, but it seems that patch3 from the
tar file does not even work - it complains about a missing Makefile in
the pwcheck directory.

Dumb question - should I be patching cyrus imap instead of sasl?  When I
configure sasl, should I be using ./configure -with-pwcheck=ldap, etc. etc.

These are some of the problems I have been running into.  Does anyone
recall if they have had the same problems?  Did you have to hack any code
to get the patches to work?

-John

"Kevin M. Myer" wrote:

> On Thu, 12 Apr 2001, John C. Amodeo wrote:
>
> > A quick question...
> >
> > We downloaded the patches from Openldap.org, but looking at the source,
> > there are no provisions to pass ldap_server or ldap_basedn.  Am I
> > missing something here?  The code in the pwcheck_ldap.c suggests that
> > you need to hard-code the ldap information in, then compile.
> >
> > We are using the latest CVS, with the -C config option, and patches
> > found at
> > http://www.surf.org.uk/patches/index.html
> >
> > Is this the correct patch to use?  Does anyone have any advice on how
> > to get this going?  The e-mail below suggests it is pretty effortless,
> > but all attempts we have made have failed.
> >
> > Thanks,
> > -John
>
> I have it running here, although I backed out the mysql stuff from the
> surf patches.
>
> In your /etc/imapd.conf, replace
> sasl_pwcheck_method: PAM
>
> with
> sasl_pwcheck_method: ldap
>
> and add:
>
> sasl_ldap_server: <your ldap server>
> sasl_ldap_basedn: <your basedn>
>
> Then create a separate /etc/otherimapd.conf in which you have different
> sasl_ldap_server and sasl_ldap_basedn configs.
>
> Then in /etc/cyrus.conf, for each IP address you want to listen to,
> create the following entries (replacing <address#> with the IP address,
> although you needn't necessarily name your config files with IP
> addresses - just use something meaningful, like maybe the hostname):
>
> imap-<address#> cmd="imapd -C /etc/<address#>imap.conf" listen="<address#>:imap" prefork=0
>
> pop3-<address#> cmd="pop3 -C /etc/<address#>imap.conf" listen="<address#>:pop3" prefork=0
>
> I tested this with sendmail 11.2 and found that I also had to create
> separate lmtp sockets for each address I wanted to receive mail for - I
> simply generated two sendmail.cf files that only bound sendmail to a
> particular IP address and I hard coded the lmtp socket into the
> sendmail.mc file I used to generate the .cf file.
>
> I have this working here - two IP addresses on the same box, with one
> imap and pop3 process listening on each.
>
> Both IP addresses use SASL for authentication and I can use multiple
> LDAP servers and multiple basedns very nicely.  Mail is stored in
> separate spools for each IP address and I can have identical uids for
> multiple addresses (i.e. [EMAIL PROTECTED] and [EMAIL PROTECTED] both
> work but are separate mail boxes).
>
> Thanks much to Michael Clark for pointing out the sasl_ldap patches.
> That definitely allows me to use Cyrus the way I want to (although I'd
> much prefer to specify multiple trees/servers in the pam_ldap config so
> that _all_ services can take advantage of this, not just cyrus and
> sendmail).  Very cool.
>
> The only problem I've run into is that I probably should generate a new
> directory for sendmail's config files and databases for each instance
> of sendmail I've run but I should easily be able to create a template
> sendmail.mc and modify that for each instance.
>
> Kevin
>
> --
> Kevin M. Myer
> Systems Administrator
> Lancaster-Lebanon Intermediate Unit 13
> (717)-560-6140
