Re: auth against LDAP

Fri, 29 Oct 2004 11:16:40 -0700

It's not that bad... certainly a lot better than it used to be. You have to set it up to accept plain passwords, authenticate against saslauthd (in the sasl2-bin package, in case you haven't got that far already), and set up saslauthd to authenticate against the LDAP server. You also want to set up SSL since the IMAP/POP passwords must be sent in plaintext.

For Debian, see the docs that Henrique put together in the /usr/share/doc/cyrus21-doc directory. (You did apt-get install cyrus21-doc, right?)

On Debian, put following in /etc/default/saslauthd:
START=yes
MECHANISMS="ldap"
PARAMS="-O /etc/saslauthd.conf"

Then put the parameters for your LDAP connection in /etc/saslauthd.conf. See /usr/share/doc/sasl2-bin/LDAP_SASLAUTHD.gz

Generate your SSL certificates using openssl or some nice gui tool like tinyca and put their locations in /etc/imapd.conf. I believe you will also need the following options set in imapd.conf (Someone please correct me if I'm wrong):
sasl_mech_list: LOGIN PLAIN
allowplaintext: yes
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd

Use testsaslauthd to make sure you have that part working before you start testing Cyrus. Then use imtest, pop3test, lmtptest and friends in the cyrus21-clients package to check whether those are working (see respective man pages). Or you can just use a regular mail client, but the command-line testers give you a little more info when they fail.

Once you have everything working, turn off your regular imap/pop in /etc/cyrus.conf and only allow SSL/TLS connections



EISELE Pascal wrote: 
I've got the same problem :( It's not simple...

Fred Blaise a écrit :

Hello all

I have a regular cyrus install working and an openldap up and running. I
am running ubuntu on this machine, but the "real" machine will be debian
sarge.

I would like to set up cyrus to use ldap.

Any pointers? any best way to do it? Links? howtos? :)

thanks a lot

fred

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html





---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.htm
l



--
Jules Agee
System Administrator
Pacific Coast Feather Co.
[EMAIL PROTECTED]      x284
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to