On 03/13/18 11:44 -0500, Nic Bernstein wrote:
Dan,
I am trying for the first time to set up Cyrus (3.0.4 & 3.0.5) with ptloader, sasl auxprop, etc.  Even though I've used LDAP for many years, I've only ever used saslauthd with mech=ldap or mech=pam, and a fairly simple configuration.  For example:

  ldap_servers: ldapi://%2fvar%2frun%2fopenldap%2fldapi
  ldap_bind_dn: cn=proxyUser,ou=systems,dc=example,dc=com
  ldap_bind_pw: secret
  ldap_filter: (|(&(|(uid=%u)(mail=%u)(mailRoutingAddress=%u))(objectClass=person))(&(cn=%u)(objectClass=organizationalRole)))
  ldap_search_base: dc=example,dc=com

I was hoping to write up some comprehensive documentation on using LDAP with Cyrus, as there is currently nothing beyond the imapd.conf(5) man page.  Any help you could provide would be most welcome.  The only cogent examples I find online are all from you, but are many years old, so I have no frame of reference as to how accurate they still are.  If you would prefer to discuss this off-list, or via phone, please advise.

With regard to the sasl side of things, the options.html
(doc/legacy/options.html) page is the primary documentation that I'm
familiar with for ldapdb support. The saslauthd documentation mentioned
below would have referred to out-of-date documentation in the
LDAP_SASLAUTHD, which was the only place ldap saslauthd support was
documented at the time.

I don't recall if I've used ptloader, and I don't have any input on how
best to document or use it.

Specifically, I am trying to configure so that users may authenticate with either just UID (i.e. "nic") or email address (i.e. "n...@onlight.com").  The saslauthd example shown above does just this, but Cyrus still only works with the simple user ID, not the email address, which is what leads me to trying ptloader and auxprop.

There are two approaches I've used to allow for "nic" and "n...@onlight.com"
to refer to the same mailbox:

* Set online.com as the default domain

* Configure ldapdb as the canon_user plugin, and return the 'normalized'
 user using the configured ldapdb_canon_attr.

On 03/14/2016 02:52 AM, Phabricator wrote:
Dan White <dwh...@olp.net> committed rI0b8b7ab02b36: Documented several saslauthd ldap options. (authored by Dan White <dwh...@olp.net>).
Herald added auditors: Documentation.

Documented several saslauthd ldap options.

--
Dan White
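
An added illustration, not part of this thread and not Cyrus or saslauthd code: a small Python model of the `ldap_filter` quoted above, showing that "nic" and "nic@example.com" select the same directory entry yet remain two different login strings until one attribute of that entry (as with `ldapdb_canon_attr`) is returned as the canonical name. Assumptions: `%u` is replaced by the login exactly as typed, the directory entries are constructed sample data, and `search` and `canonical` are hypothetical helpers that do not reproduce how the ldapdb plugin performs its lookup.

```python
import re

# ldap_filter from the saslauthd configuration quoted in the thread.
FILTER = ("(|(&(|(uid=%u)(mail=%u)(mailRoutingAddress=%u))(objectClass=person))"
          "(&(cn=%u)(objectClass=organizationalRole)))")

# Constructed sample directory (not from the thread): DN -> attributes.
DIRECTORY = {
    "uid=nic,ou=people,dc=example,dc=com": {
        "uid": ["nic"], "mail": ["nic@example.com"], "objectClass": ["person"]},
    "cn=postmaster,ou=roles,dc=example,dc=com": {
        "cn": ["postmaster"], "objectClass": ["organizationalRole"]},
}

def escape(value):
    """RFC 4515 escaping, so ( ) * \\ in a login stay literal text."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)
def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(text, pos=0):
    """Parse the filter starting at text[pos]; return (node, next_pos)."""
    if text[pos + 1] in "&|":
        op, pos, kids = text[pos + 1], pos + 2, []
        while text[pos] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        return (op, kids), pos + 1
    end = text.index(")", pos)
    attr, value = text[pos + 1:end].split("=", 1)
    return ("=", attr.lower(), unescape(value).lower()), end + 1

def matches(node, attrs):
    """Evaluate an AND/OR/equality node against one entry (case-insensitive)."""
    if node[0] == "=":
        have = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
        return node[2] in have.get(node[1], [])
    results = [matches(kid, attrs) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def search(login):
    tree, _ = parse(FILTER.replace("%u", escape(login)))
    return [dn for dn, attrs in DIRECTORY.items() if matches(tree, attrs)]

def canonical(login, attr="uid"):
    """Return `attr` of the single matching entry, or None if 0 or >1 match."""
    hits = search(login)
    values = DIRECTORY[hits[0]].get(attr, []) if len(hits) == 1 else []
    return values[0] if values else None
```

Entries matched through the `organizationalRole` branch carry no `uid` in this sample, so `canonical("postmaster")` returns nothing: whichever attribute is chosen as the canonical name has to exist on every entry the filter can select.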
