On 19/11/10 10:31 -0400, Fernando Torrez wrote:
> Hi all
>
> I got SASL authentication to access the LDAP server working by correcting two things:
> 1.- inserting the proxyuser's userpassword in clear text (userPassword=secret)
> 2.- fixing the proxyuser's authzTo attribute to
>     authzTo: ldap:///ou=people,dc=plainjoe,dc=org??sub?(objectClass=account)
> (results at the end of this mail)
>
> As far as it can be seen, there's no need for cyrus-sasl for this matter
> but my final purpose is to enable Cyrus-sasl with openldap as
> backend to authenticate users for cyrus-imapd and postfix services.
ldapdb is one way to accomplish that.
See:
http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/options.php
for cyrus options and basic usage documentation.
> firewall:~ # ldapwhoami -U proxyuser -X u:test -Y digest-md5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: u:test
> SASL SSF: 128
> SASL data security layer installed.
> dn:uid=test,ou=people,dc=plainjoe,dc=org
If you've got a proxy user set up and authenticating, then you've done most of the work.
In Postfix (/etc/postfix/sasl/smtpd.conf), you could do:
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 EXTERNAL
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://ldap.example.net
ldapdb_id: proxyuser
ldapdb_pw: <proxy user's secret>
ldapdb_mech: DIGEST-MD5
and in /etc/imapd.conf:
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 EXTERNAL
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://ldap.example.net
sasl_ldapdb_id: proxyuser
sasl_ldapdb_pw: <proxy user's secret>
sasl_ldapdb_mech: DIGEST-MD5
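
The two files above carry the same ldapdb settings, with imapd.conf using the sasl_ prefix. The following is an added example, not part of the original message and not Cyrus or Postfix code: it parses both files, lists findings for each, and reports options that differ between them. The function names, the sample file contents and the secret value are constructed; ldapdb_starttls is a Cyrus SASL option that the message does not use.

```python
REQUIRED = ("ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech")  # options the message sets

def parse_sasl_options(text, prefix=""):
    """Parse 'key: value' lines; prefix='sasl_' keeps only imapd.conf SASL options, prefix stripped."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")  # split on first colon so ldap:// survives
        key = key.strip().lower()
        if not sep or key.startswith("#") or not key.startswith(prefix):
            continue
        opts[key[len(prefix):]] = value.strip()
    return opts

def audit(opts):
    """Return a list of findings for one parsed option set."""
    findings = []
    if opts.get("pwcheck_method") != "auxprop" or "ldapdb" not in opts.get("auxprop_plugin", "").split():
        findings.append("ldapdb auxprop plugin is not selected")
    findings += [f"missing {k}" for k in REQUIRED if not opts.get(k)]
    cleartext = sorted({"PLAIN", "LOGIN"} & set(opts.get("mech_list", "").upper().split()))
    if cleartext:
        findings.append("cleartext mechanisms offered, need TLS to the client: " + " ".join(cleartext))
    if opts.get("ldapdb_uri", "").startswith("ldap://") and opts.get("ldapdb_starttls") != "demand":
        findings.append("ldapdb_uri is ldap:// and ldapdb_starttls is not 'demand'")
    return findings

def drift(a, b):
    """Option names whose values differ between two option sets (Postfix vs. Cyrus IMAP)."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed sample input, modelled on the two files in the message.
SMTPD_CONF = """\
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 EXTERNAL
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://ldap.example.net
ldapdb_id: proxyuser
ldapdb_pw: constructed-secret
ldapdb_mech: DIGEST-MD5
"""
IMAPD_CONF = """\
configdirectory: /var/lib/imap
sasl_mech_list: DIGEST-MD5
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldaps://ldap.example.net
sasl_ldapdb_id: proxyuser
sasl_ldapdb_pw: constructed-secret
"""
print(audit(parse_sasl_options(IMAPD_CONF, "sasl_")), drift(parse_sasl_options(SMTPD_CONF), parse_sasl_options(IMAPD_CONF, "sasl_")))
```

Both files hold the proxy user's secret, so the same comparison is worth pairing with a check that neither file is world-readable.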