"John C. Amodeo" wrote: > > Rob, > > >Admin users can authorize as any user they want. > > I've heard this can be done...but how exactly? Does it have something > to do with the 'proxy user' setting or something? What if sasl is > patched for LDAP and does not authenticate locally against the sasldb?
When you authenticate, you need to use a SASL mech which supports proxying. Look at doc/mechanisms.html in the SASL distro for a complete list. In your case, you should be able to use at least PLAIN (you can use others if using OpenLDAP 2.2's auxprop plugin). Here's how you'd authenticate as 'cyrus' and login as 'test' using imtest and cyradm: imtest -a cyrus -u test -m plain localhost cyradm --user cyrus --authz test --auth plain localhost (cyradm uses some unfortunate/confusing names for the options) -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
