From: Igor Brezac (no email)
Date: Thu Aug 04 2005 - 08:11:18 EDT

On Wed, 3 Aug 2005, Hans Moser wrote:
> Hi!
>
> I try to get Cyrus IMAPd working with ldapdb on a remote OpenLDAP server via
> TLS.
> I don't want passwords outside ldap, but at the moment every IMAP-auth
> causes a sasldb lookup in OpenLDAP, but there is no sasldb. So ldapdb seems to
> do some strong authentication, where I should not.
> To see, if the OpenLDAP side is working properly, I want to simulate the
> ldapdb request. Is this possible i.e. by ldapsearch?

You can do:

    ldapwhoami -U sasl_ldapdb_id -X u:imapd_username -Y sasl_ldapdb_mech \
      -H sasl_ldapdb_uri # add -ZZ if you require starttls

then

    ldapsearch -U sasl_ldapdb_id -X u:imapd_username -Y sasl_ldapdb_mech \
      -H sasl_ldapdb_uri -b dn_from_ldapwhoami -s base \
      'objectclass=*' userPassword

> What is the ldap counterpart to ldapdb_id, the IMAP-username (searchpattern?)
> etc.?
>
> imapd.conf looks like this:
> # sasl_pwcheck_method: saslauthd
> sasl_pwcheck_method: auxprob
> sasl_auxprob_plugin: ldapdb
> sasl_ldapdb_uir: ldap://sartre.ador.no
> sasl_ldapdb_id: cn=human,ou=mgr,o=foo
> sasl_ldapdb_pw: secret
> sasl_ldapdb_mech: PLAIN
> # sasl_ldapdb_mech: DIGEST-MD5
> sasl_ldapdb_starttls: Demand
> sasl_ldap_search_base: ou=humans,o=foo
> sasl_ldap_search_filter: uid=%U
>
> Is sasl_ldapdb_id a SASL-id (cn=.*,cn=auth) or a ldap-id?

sasl_ldapdb_id is not a dn.

-- Igor
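
The two-step check described in the reply above can be generated from the server's own configuration. The script below is an added example, not part of the original message or of Cyrus or OpenLDAP. It only prints the commands, and it refuses to do so when a required sasl_ldapdb_* key is absent, for instance because of a misspelled key name. The host ldap.example.org, the id proxyuser and the user jdoe are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the ldapwhoami/ldapsearch test commands from imapd.conf.
# Dry run only: nothing is sent to the LDAP server, the commands are printed.

# conf_get KEY FILE: print the value of the last uncommented "KEY: value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# ldapdb_cmds FILE IMAP_USER: print both commands; return 1 and name the
# missing keys on stderr if uri, id or mech cannot be found in FILE.
ldapdb_cmds() {
    conf=$1 user=$2 missing=
    uri=$(conf_get sasl_ldapdb_uri "$conf")
    id=$(conf_get sasl_ldapdb_id "$conf")
    mech=$(conf_get sasl_ldapdb_mech "$conf")
    [ -n "$uri" ]  || missing="$missing sasl_ldapdb_uri"
    [ -n "$id" ]   || missing="$missing sasl_ldapdb_id"
    [ -n "$mech" ] || missing="$missing sasl_ldapdb_mech"
    if [ -n "$missing" ]; then
        echo "missing in $conf:$missing" >&2
        return 1
    fi
    # Map the plugin's StartTLS setting to the client tools' -Z / -ZZ flags.
    tls=
    case $(conf_get sasl_ldapdb_starttls "$conf" | tr 'A-Z' 'a-z') in
        demand) tls=' -ZZ' ;;
        try)    tls=' -Z' ;;
    esac
    common="-U '$id' -X 'u:$user' -Y $mech -H $uri$tls"
    echo "ldapwhoami $common"
    echo "ldapsearch $common -b '<dn from ldapwhoami>' -s base 'objectclass=*' userPassword"
}

# Constructed sample configuration (placeholders, not the poster's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sasl_ldapdb_mech: PLAIN
sasl_ldapdb_uri: ldap://ldap.example.org
sasl_ldapdb_id: proxyuser
sasl_ldapdb_mech: DIGEST-MD5
sasl_ldapdb_starttls: Demand
EOF
ldapdb_cmds "$sample" jdoe
```

The password for the proxy id is deliberately not read from the file; the client tools prompt for it when the printed commands are run by hand.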