[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: saslauxprop and libldapdb, auxpropfunc error -7

> -----Original Message-----
> From: Igor Brezac [mailto:igor@ipass.net]

> > Another variation tried (upon suggestion) was:
> >
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: cyrus root
> > sasl_pwcheck_method: auxprop
> > sasl_auxprop_plugin: ldapdb
> > sasl_ldapdb_uri: ldap://
> > sasl_ ldapdb_id:  admin
> > sasl_ ldapdb_pw:  password
> > sasl_ ldapdb_mech: PLAIN

> This should work, I assume extra spaces is just a typo.

Sorry, I should have commented on that earlier. This will not work because by
default, slapd does not allow PLAIN (or any unprotected mechs) over TCP. If
you use TCP you need to use a mech like DIGEST-MD5 instead, one that offers a
security layer. (Silly for localhost, but the code isn't set up to
differentiate localhost connections from other TCP connections.)

If you want to use PLAIN you must use a protected scheme, like ldaps or
ldapi. ldapi is the most efficient choice when the slapd is on the same
machine as the other servers.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support