About cyrus-sasl and openldap

[sagasy]

Hi,

I'm trying to use cyrus-sasl with ldap mechanism.

I use FC4 packages (cyrus-sasl, openldap ...), testsaslauthd don't access to ldap.

Is cyrus-sasl package compiled with ldap ?

Is-there a how-to somewhere ?

Thanks

PS : sorry, I don't speak a very good english

[amessina]

what you will need to do is this:

edit /etc/imapd.conf and set the following:
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN

then create and edit /etc/saslauthd.conf as:
ldap_servers: ldap://ldap.your_domain.com/
ldap_version: 3
ldap_scope: one
ldap_search_base: ou=People,dc=your_domain,dc=com
ldap_auth_method: bind
ldap_filter: (uid=%u)
ldap_start_tls: yes
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/pki/tls/certs/ca.crt (or whatever your specific cert is)
ldap_tls_cacert_dir: /etc/pki/tls/certs

the tls stuff is only if you want/need tls.

read the man page for saslauthd and imapd to give you all the parameters.

[sagasy]

Thank you,

I don't understand something :
Is it possible to test sasl / ldap (testsaslauthd) without imap ?

In fact my saslauthd.conf seem to be OK, but testsaslauthd don't ask my openldap server (noting in logs).

I have
auth failure: [user=user1] [service=imap] [realm=] [mech=ldap] [reason=Unknow]

[amessina]

oh i forgot to saty that your /etc/sysconfig/saslauthd file should look like:

# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
#MECH=shadow
MECH=ldap

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=