Re: Problems Enabling Authentication using Cyrus SASL
On 19/11/10 10:31 -0400, Fernando Torrez wrote:
> Hi all
>
> I got sasl authentication to work to access the ldap server by correcting two things:
>
> 1.- inserting the proxyuser's userpassword in clear text (userPassword=secret)
> 2.- fixing the proxyuser's authzTo attribute to
> authzTo: ldap:///ou=people,dc=plainjoe,dc=org??sub?(objectClass=account)
>
> (results at the end of this mail)
>
> As far as can be seen, there's no need for cyrus-sasl for this matter
> but my final purpose is to enable Cyrus-sasl with openldap as
> backend to authenticate users for cyrus-imapd and postfix services.

ldapdb is one way to accomplish that.
See:
http://www.cyrusimap.org/docs/cyrus-sasl/2.1.23/options.php
for cyrus options and basic usage documentation.

> firewall:~ # ldapwhoami -U proxyuser -X u:test -Y digest-md5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: u:test
> SASL SSF: 128
> SASL data security layer installed.
> dn:uid=test,ou=people,dc=plainjoe,dc=org

If you've got a proxy user set up and authenticating, then you've done most
of the work.

In Postfix (/etc/postfix/sasl/smtpd.conf), you could do:

mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 EXTERNAL
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://ldap.example.net
ldapdb_id: proxyuser
ldapdb_pw: <proxy user's secret>
ldapdb_mech: DIGEST-MD5

and in /etc/imapd.conf:

sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 EXTERNAL
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://ldap.example.net
sasl_ldapdb_id: proxyuser
sasl_ldapdb_pw: <proxy user's secret>
sasl_ldapdb_mech: DIGEST-MD5

--
Dan White
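
The authzTo value in the quoted message is an LDAP URL (base, scope, filter) that limits which entries proxyuser may authorize as. The simplified Python model below is an added illustration, not part of the original message and not slapd's code; it evaluates that rule against constructed sample entries, and its function names and reduced DN and filter handling are assumptions of the sketch.

```python
# Added illustration: simplified model of an authzTo LDAP-URL rule check.
# Not slapd's implementation; DNs are plain comma-separated (no escapes) and
# only single (attr=value) or (attr=*) filters are handled.
import re
from urllib.parse import unquote

def parse_authz_url(rule):
    """Split ldap:///base?attrs?scope?filter (RFC 4516 field order)."""
    prefix = "ldap:///"
    if not rule.startswith(prefix):
        raise ValueError("only ldap:/// rules are handled in this sketch")
    fields = [unquote(f) for f in rule[len(prefix):].split("?")]
    fields += [""] * (4 - len(fields))
    base, _attrs, scope, flt = fields[:4]
    # RFC 4516 defaults: scope "base", filter "(objectClass=*)"
    return base, scope or "base", flt or "(objectClass=*)"

def rdns(dn):
    return [r.strip().lower() for r in dn.split(",") if r.strip()]

def in_scope(dn, base, scope):
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or (b and d[-len(b):] != b):
        return False
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}.get(scope, False)

def matches_filter(entry, flt):
    m = re.fullmatch(r"\(([\w;-]+)=(\*|[^()*]*)\)", flt)
    if not m:
        raise ValueError("filter form not handled in this sketch")
    attr, want = m.group(1).lower(), m.group(2).lower()
    have = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(have) if want == "*" else want in have

def may_authorize_as(rule, target_dn, entry):
    base, scope, flt = parse_authz_url(rule)
    return in_scope(target_dn, base, scope) and matches_filter(entry, flt)

RULE = "ldap:///ou=people,dc=plainjoe,dc=org??sub?(objectClass=account)"  # from the message
ENTRIES = {  # constructed sample entries
    "uid=test,ou=people,dc=plainjoe,dc=org": {"objectClass": ["account"]},
    "cn=printer,ou=people,dc=plainjoe,dc=org": {"objectClass": ["device"]},
    "cn=admin,dc=plainjoe,dc=org": {"objectClass": ["organizationalRole"]},
}

if __name__ == "__main__":
    for dn, entry in ENTRIES.items():
        print(dn, "->", may_authorize_as(RULE, dn, entry))
```

With a rule based at dc=plainjoe,dc=org and filter (objectClass=*), the same check also accepts the constructed cn=admin entry, so the base and filter in authzTo should stay as narrow as the mail services need.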