
Re: SASL Authentication against LDAP



On Tue, 6 Aug 2002, Lothar Handl wrote:

> Hello.
>
> First of all, I am new to this list and I hope not to be off topic
> with my question.
> On my system I try to install Cyrus IMAP and want to authenticate
> against my LDAP tree. I tried to configure SASL with the LDAP Patch
> directly, but I could not compile it on my SuSE 7.2 Linux. So I chose
> to use SASL2 and authenticate via PAM, but it does not seem even to
> ask PAM. My imapd.conf looks like this:
>
> postmaster: postmaster
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> srvtab: /var/imap/srvtab
> sasl_passwd_check: pam
> tls_ca_file: /var/imap/server.pem
> tls_cert_file: /var/imap/server.pem
> tls_key_file: /var/imap/server.pem
>
> I followed the instructions in the Cyrus IMAP Howto on tldp.org. I
> don't think the failure lies in LDAP directly because nss_ldap and
> pam_ldap seem to work on my system.
> I hope you can help me. Do you have a recipe or something like that?
> Indeed I am not happy with SASL and hope to find another way of doing it.
>

pam is not a valid sasl_passwd_check in sasl v2.  You need to use
sasl_passwd_check: saslauthd.  You also need to start 'saslauthd -a
pam'.

Alternatively, you can try to use ldap support in saslauthd.  You will
need to download the latest cyrus-sasl from
http://asg.web.cmu.edu/cyrus/download/.  The saslauthd ldap docs were
omitted from this release, but you can find them in CVS,
http://bugzilla.andrew.cmu.edu/cvsweb/src/sasl/saslauthd/LDAP_SASLAUTHD?rev=1.3&content-type=text/x-cvsweb-markup

-- 
Igor
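
A small checker for the two settings this thread turns on, added here as an example; it is not code from either poster or from the Cyrus project. The option name `sasl_passwd_check` is used as written in the thread, and the set of truthy spellings for `allowplaintext` is an assumption.

```python
# imapd.conf exactly as posted in the question above.
POSTED_CONF = """\
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
srvtab: /var/imap/srvtab
sasl_passwd_check: pam
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
"""

# Option name as written in the thread; check your release's imapd.conf docs.
PWCHECK_KEY = "sasl_passwd_check"
TRUE_VALUES = {"yes", "y", "on", "true", "t", "1"}  # assumed truthy spellings


def parse_imapd_conf(text):
    """Return {option: value}; skips blanks and '#' comments, last value wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of (code, message) findings for the settings in the thread."""
    findings = []
    method = conf.get(PWCHECK_KEY, "").lower()
    if method != "saslauthd":
        findings.append(("PWCHECK", f"{PWCHECK_KEY} is {method or 'unset'!r}; the reply says "
                         "SASL v2 needs 'saslauthd' with 'saslauthd -a pam' running"))
    mechs = {m.upper() for m in conf.get("sasl_mech_list", "").split()}
    if conf.get("allowplaintext", "").lower() in TRUE_VALUES and mechs & {"PLAIN", "LOGIN"}:
        findings.append(("CLEARTEXT", "allowplaintext permits PLAIN/LOGIN without TLS, "
                         "so the password can cross the network unencrypted"))
    return findings


if __name__ == "__main__":
    print(*audit(parse_imapd_conf(POSTED_CONF)), sep="\n")
```

Because saslauthd verifies a plaintext password, PLAIN stays in the mechanism list after the fix; the second finding is about keeping that password inside TLS, which the posted config already has certificates for.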