[Fedora-directory-users] Saslauthd Authentication Issues

[Anthony M. Farrell]

On Thu, 24 Jan 2008 13:39:08 Jared B. Griffith wrote:
> I am trying to see if I can't get an existing Cyrus Imap server to
> authenticate against our directory server. The people at cyrus recommend
> the followng configuration in saslauthd.conf ldap_servers:    
> ldap://your.ldap-host.tld
> ldap_version:     3
> ldap_timeout:     10
> ldap_time_limit:  10
> ldap_search_base: o=what-ever-you-may-have,dc=your-domain,dc=tld
> ldap_bind_dn:     cn=your-ldap-admin-name,dc=your-domain,dc=tld
> ldap_password:    your-ldap-admin-password
> ldap_scope:       sub
> ldap_uidattr:     the-attribute-name-in-which-you-store-usernames, es: uid
> ldap_filter_mode: yes
> ldap_filter:      (uid=%u%R)
> This doesn't work, I have tried different variations of this and have had
> no luck. I am wondering if anyone has had experience with this and what
> sort of tricks (if any) they did to get this to work properly. Are there
> any docs out there that I am missing?
> Any help would be appreciated.

The easiest way if you are using Cyrus IMAP on Fedora or Redhat is to use PAM 
to authenticate. The following assumes you have first enabled directory 
authentication on the mail server using 'authconfig' to set up LDAP 
in '/etc/pam.d/system-auth' as required.

1. Edit '/etc/sysconfig/saslauthd' and ensure that 'MECH="pam" is set.

2. Edit '/etc/imapd.conf' and make sure that 'sasl_pwcheck_method' is set 
to 'saslauthd' even though you will be using PAM.

3. Edit '/etc/pam.d/imap' to read as follows:

auth            sufficient      /lib/security/$ISA/pam_ldap.so
account         sufficient      /lib/security/$ISA/pam_ldap.so

4. Start saslauthd and cyrus-imapd and set chkconfig to on.

5. Create some mailboxes and away you go!

A more complete blurb can be found at 'www.wlug.org.nz/CyrusNotes'

Tony

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.