[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldapdb troubleshooting
> > authenticate with the LDAP repository. I started with imap and immediately
> > ran into trouble. This is what imtest wrote to auth.log:
> Not a direct answer, but if you just want cyrus to use ldap user/pass for
auth,
> I've found it much simpler to use pam_ldap via saslauthd.
I understood that there's a major difference in that ldapdb is supposed to
retrieve the password from the LDAP repository (using a controlled, secure
channel) and performs SASL auth in between client and server, which can be
chosen also secure (e.g. DIGEST-MD5).
pam_ldap in contrast authenticates a credential sent to the server with the
LDAP repository. Therefore, the credential sent by the client must be
decodeable, which is a major weakness in the protocol.
Am I mistaken about that?
Have fun,
- lars.