Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-11-04 Thread ropers

On 04/11/06, Paul Pruett [EMAIL PROTECTED] wrote:

> I did it, finally. the promised notes:
>
> http://www.cocoavillagepublishing.com/development/tools/openbsd/tips/cyrus-imapd/


Arrrgh!
Page width greater than 1024px.
(Sure, I can twice decrease the text size in Firefox and it will fit
on a 1024 screen -- and require me to keep my nose like 5 inches from
the screen.)
What scuttering gobsheen feckin designs these pages?!?!
D'oh!
--ropers



Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-30 Thread Paul Pruett

> I have it working a similar setup. All you need once the openldap side
> is running (and there are lots of docs about OpenLDAP for users
> authentication out there):


Thanks, got openldap with bdb up using various example conf files...
Getting the openldap side supporting a table or index or proper schema?
that can be referenced by sendmail and cyrus and putting
the username,realm,password into it is my stuck point now, and that
is beyond the misc/openbsd list. I subscribed to the cyrus info and sasl
email lists and if need be the openldap lists...  I'll summarize my notes
on a webpage when successful and post back to misc list the url.

I think another part of the puzzle may be that I need to copy
sendmail schema and have that in slapd.conf


 cp /usr/src/gnu/usr.sbin/sendmail/cf/sendmail.schema /etc/openldap/schema/

 # grep sendmail /etc/openldap/slapd.conf
 include /etc/openldap/schema/sendmail.schema

  ?


> You will need a sendmail compiled with SASL and ldap support, just add
> this to /etc/mk.conf:
> WANT_LDAP=yes
> WANT_SMTPAUTH=yes


That was very helpful and something misc OpenBSD related, I knew about
exporting WANT_SMTPAUTH prior to compiling sendmail, but I did realize
that a value needed to be set for WANT_LDAP.



docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Paul Pruett

Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD

I am trying to implement cyrus-imap on OpenBSD sendmail for virtual 
hosting with support for  pop3, imap (localhost), and smtp-auth.


I've googled so much information with that just did not quite fit
that it is daunting for those of us who are unfamiliar with ldap.

I have made some progress like I had actually hacked cyrus-imap to
use the mysql for authentication, got cyradm to work by modifying
/etc/hosts and so on..., was making that progress till I found that 
saslauthd will not support SQL, so I could not 
go that way for smtp-auth with sendmail.


After that endeavor I decided that I will need to bite the bullet and
become proficient with open-ldap because both sendmail and cyrus-imap
appear to have mature support for LDAP, unlike mysql.


(and yes I've read a thousand times that LDAP is more appropriate than SQL 
for non relational lookups...,  I have also been told that I should give 
up sendmail and use postfix, but I have a lot of investment in labor on 
our sendmail milter setups...)



THAT said, if someone has good documentation links, helpful suggestions, 
or would not mind filling in the gaps offline - I would appreciate it.




Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Sam Fourman Jr.

I have also been looking for this information

Sam Fourman Jr.

On 10/29/06, Paul Pruett [EMAIL PROTECTED] wrote:

> Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD
>
> I am trying to implement cyrus-imap on OpenBSD sendmail for virtual
> hosting with support for  pop3, imap (localhost), and smtp-auth.
>
> I've googled so much information with that just did not quite fit
> that it is daunting for those of us who are unfamiliar with ldap.
>
> I have made some progress like I had actually hacked cyrus-imap to
> use the mysql for authentication, got cyradm to work by modifying
> /etc/hosts and so on..., was making that progress till I found that
> saslauthd will not support SQL, so I could not
> go that way for smtp-auth with sendmail.
>
> After that endeavor I decided that I will need to bite the bullet and
> become proficient with open-ldap because both sendmail and cyrus-imap
> appear to have mature support for LDAP, unlike mysql.
>
> (and yes I've read a thousand times that LDAP is more appropriate than SQL
> for non relational lookups...,  I have also been told that I should give
> up sendmail and use postfix, but I have a lot of investment in labor on
> our sendmail milter setups...)
>
> THAT said, if someone has good documentation links, helpful suggestions,
> or would not mind filling in the gaps offline - I would appreciate it.




Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Berk D. Demir

Paul Pruett wrote:
> THAT said, if someone has good documentation links, helpful suggestions,
> or would not mind filling in the gaps offline - I would appreciate it.




If all you want about LDAP is to authenticate your users from LDAP,
then Cyrus IMAPd will just do it from sasl interface.

Be sure you have installed cyrus-sasl package with ldap flavor.

An example /etc/saslauthd.conf will look like this

ldap_servers: ldap://127.0.0.1
ldap_search_base: dc=your,dc=base,dc=dn
ldap_filter: (&(uid=%u)(objectClass=inetOrgPerson))
ldap_auth_method: userPassword

As you can guess, %u gets replaced with username.
userPassword auth method means authentication will occur with binding.

And related lines for /etc/imapd.conf

sasl_mech_list: plain
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /your/path/to/saslauthd/mux


Good luck...
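
As an added illustration (not code from the thread or from saslauthd), the %u substitution described above written out in Python, with the login name escaped per RFC 4515 before it enters the filter, plus a small syntax check that rejects a filter whose clauses are not joined by an operator. The function names and the AND-form template are assumptions made for this example.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# attribute, match operator, then a value with no bare parentheses
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(?:=|~=|>=|<=)[^()]*")

def escape_value(value):
    """Escape a login name so it can only ever be a literal value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, username):
    """Replace %u with the escaped login name; %% is a literal percent."""
    def repl(match):
        token = match.group(1)
        if token == "u":
            return escape_value(username)
        if token == "%":
            return "%"
        raise ValueError("token not handled in this example: %" + token)
    return re.sub(r"%(.)", repl, template)

def well_formed(flt):
    """True if flt parses as (&...), (|...), (!...) or a simple (attr=value)."""
    def parse(i):  # index just past one filter starting at i, or -1
        if flt[i:i + 1] != "(":
            return -1
        i += 1
        if flt[i:i + 1] in ("&", "|"):
            i, count = i + 1, 0
            while flt[i:i + 1] == "(":
                i = parse(i)
                if i < 0:
                    return -1
                count += 1
            if count == 0:
                return -1
        elif flt[i:i + 1] == "!":
            i = parse(i + 1)
            if i < 0:
                return -1
        else:
            m = ITEM.match(flt, i)
            if not m:
                return -1
            i = m.end()
        return i + 1 if flt[i:i + 1] == ")" else -1
    return parse(0) == len(flt)

TEMPLATE = "(&(uid=%u)(objectClass=inetOrgPerson))"  # AND of both clauses
```

A login name containing `*`, `(` or `)` stays a single literal value after expansion, so the filter still has exactly the two clauses the administrator wrote.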



Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Paul Pruett

> If all you want about LDAP is to authenticate your users from LDAP,
> then Cyrus IMAPd will just do it from sasl interface.
> Be sure you have installed cyrus-sasl package with ldap flavor


I think I need a little more than that, I am not even sure how best
to insert the username realm and password and into which index..
and to that I am on a crash learn of ldap, so that is part of the
picture I'll need to understand asap :(


I figured the flavor thing out when I went down the mysql flavor method,
Also we may need to use the -r option for pkg_add -r
to get the flavor package loaded... Here is how to make flavors and 
-server for those who may google this on the lists:


cd /usr/ports/mail/cyrus-imap
make package

cd /usr/ports/security/cyrus-sasl2
env FLAVOR=ldap make package

cd /usr/ports/databases/openldap/
env SUBPACKAGE=ldap FLAVOR=bdb make package




> An example /etc/saslauthd.conf will look like this
>
> ldap_servers: ldap://127.0.0.1
> ldap_search_base: dc=your,dc=base,dc=dn
> ldap_filter: (&(uid=%u)(objectClass=inetOrgPerson))
> ldap_auth_method: userPassword
>
> As you can guess, %u gets replaced with username.
> userPassword auth method means authentication will occur with binding.
>
> And related lines for /etc/imapd.conf
>
> sasl_mech_list: plain
> sasl_pwcheck_method: saslauthd
> sasl_saslauthd_path: /your/path/to/saslauthd/mux
>
> Good luck...



I appreciate the above examples and will digest it asap.

I saw several options for imapd.conf that dealt with ldap
without the sasl_ prefix, and that may have misled also.

A note to other readers, any option in /etc/imapd.conf that
is prefixed with sasl_ may override the SASL configuration file,
see the man page for imapd.conf and sasl_option


BTW, I know I got off track when I tried settings from an example
slapd.conf from a Linux Gazette page:
http://linuxgazette.net/124/pfeiffer.html
http://linuxgazette.net/124/misc/pfeiffer/slapd.conf



Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Samuel Moñux

2006/10/29, Paul Pruett [EMAIL PROTECTED]:

> Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD
>
> I am trying to implement cyrus-imap on OpenBSD sendmail for virtual
> hosting with support for  pop3, imap (localhost), and smtp-auth.



I have it working a similar setup. All you need once the openldap side
is running (and there are lots of docs about OpenLDAP for users
authentication out there):

In the sendmail side, you just need to map mail addresses to uids
(forget mailAlternateAddress, just needed if you migrated from
qmail-ldap):

FEATURE(`virtusertable',
`ldap -1 -T<TMPF> -v uid -k (|(mail=%0)(mailAlternateAddress=%0))')dnl

configure SASL options in sendmail.mc

define(`confAUTH_MECHANISMS', `CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')

/usr/local/lib/sasl2/Sendmail.conf

pwcheck_method: saslauthd
mech_list: plain cram-md5 digest-md5 login

saslauthd.conf:

ldap_servers: ldap://ldap.xxx/
ldap_bind_dn: cn=xxx,dc=xxx,dc=sa
ldap_bind_pw: 
ldap_search_base: ou=People,dc=carreras,dc=sa
ldap_filter: (&(uid=%u)(accountStatus=active))
ldap_password_attr: userPassword

Cyrus LDAP authentication:

/etc/imapd.conf

sasl_pwcheck_method: saslauthd
sasl_mech_list: login cram-md5 digest-md5 plain

(*-md5 mechs won't work with hashed userPasswords, but don't harm)

You will need a sendmail compiled with SASL and ldap support, just add
this to /etc/mk.conf:

WANT_LDAP=yes
WANT_SMTPAUTH=yes

And that's all...

Greets
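
An added audit sketch in Python (not from the thread or from any of these projects) that reads configurations of the shape shown above and reports three things: mechanisms offered that saslauthd cannot verify, plaintext mechanisms that depend on TLS, and a cleartext LDAP connection to a remote server. The sample files and hostnames are constructed; `ldap_start_tls` is the saslauthd LDAP option for StartTLS.

```python
import re

SHARED_SECRET = {"cram-md5", "digest-md5"}  # server must know the plaintext secret
PLAINTEXT = {"plain", "login"}              # client sends the password itself
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def parse_conf(text):
    """Parse 'key: value' lines as used by saslauthd.conf, imapd.conf, Sendmail.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def audit(app_conf, saslauthd_conf, prefix=""):
    """Findings for one SASL application config checked against saslauthd.conf.
    prefix is "sasl_" for imapd.conf and "" for Sendmail.conf."""
    findings = []
    mechs = set(app_conf.get(prefix + "mech_list", "").lower().split())
    if app_conf.get(prefix + "pwcheck_method") == "saslauthd":
        for mech in sorted(mechs & SHARED_SECRET):
            findings.append(mech + ": offered, but saslauthd only verifies plaintext passwords")
    if mechs & PLAINTEXT:
        findings.append("plain/login offered: require TLS on the client connection")
    start_tls = saslauthd_conf.get("ldap_start_tls", "no").lower() == "yes"
    for url in saslauthd_conf.get("ldap_servers", "").split():
        host = re.sub(r"^ldap://", "", url).split("/")[0]
        host = re.sub(r":\d+$", "", host)  # drop an explicit port
        if url.startswith("ldap://") and host not in LOOPBACK and not start_tls:
            findings.append(url + ": cleartext LDAP to a remote host")
    if "ldap_bind_pw" in saslauthd_conf:
        findings.append("ldap_bind_pw set: keep saslauthd.conf readable only by the saslauthd user")
    return findings

# Constructed sample files modelled on the configurations in this thread.
SENDMAIL_CONF = """pwcheck_method: saslauthd
mech_list: plain cram-md5 digest-md5 login
"""
IMAPD_CONF = """sasl_pwcheck_method:saslauthd
sasl_mech_list: plain
"""
SASLAUTHD_REMOTE = """ldap_servers: ldap://ldap.example.org/
ldap_bind_dn: cn=reader,dc=example,dc=org
ldap_bind_pw: CONSTRUCTED-PLACEHOLDER
"""
SASLAUTHD_LOCAL = "ldap_servers: ldap://127.0.0.1\n"
```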