Hi,
I'm trying to migrate all our services to LDAP.
I can get cyrus-imapd user authentication against an OpenLDAP server working OK, using "sasl_pwcheck_method: saslauthd" and a relevant saslauthd.conf.
I'm a bit stuck with getting imapd to get group membership out of the LDAP server, to use for authorization and access control.
I can build an imap server with LDAP support in "ptloader" but as soon as I start using it, imapd seems to stop using saslauthd for authentication. In addition I get lines like the following in my ldap logs. The BIND looks OK, but I don't understand the rest.
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 fd=19 ACCEPT from IP=127.0.0.1:1749 (IP=0.0.0.0:389)
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=0 BIND dn="cn=Manager,dc=mydomain,dc=com" method=128
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=0 BIND dn="cn=Manager,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=0 RESULT tag=97 err=0 text=
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=1 PROXYAUTHZ dn="uid=jon,cn=simple,cn=auth"
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=2 SRCH base="uid=jon,cn=simple,cn=auth" scope=0 deref=0 filter="(objectClass=*)"
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 3 16:23:59 <20.7> green slapd[18408]: conn=96 fd=19 closed
Could someone give a working example? I think that would probably help a lot. There is a lack of documentation on how group information is looked up - it's not even immediately clear to me that "ptloader" is actually for that.
Notes: I plan to use simple binds (with TLS) between the ldap server and any of its clients (including the imap server), so I don't require any SASL configuration at that stage. I have a free hand about schemas and database contents, so the user and group information can be stored in the LDAP database in any reasonably sensible manner.
System details:
cyrus-imapd-2.2.8
cyrus-sasl-2.1.19_1
cyrus-sasl-saslauthd-2.1.19
openldap-server-2.2.17
FreeBSD 4.10-PRERELEASE
Thanks,
Jon
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
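Added example (not part of the original message, and not Cyrus or OpenLDAP project code): a short Python decoder for slapd log lines like those quoted above. It groups operations by connection and reports simple binds (method=128) on connections with no TLS line, and searches that return a non-zero result code such as err=32 (noSuchObject). The conn=97 lines and the "STARTTLS" / "TLS established" log wording are assumptions constructed for the sample.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt above. conn=97 is invented to
# show the TLS case; its "STARTTLS"/"TLS established" wording is an assumption.
SAMPLE = """\
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 fd=19 ACCEPT from IP=127.0.0.1:1749 (IP=0.0.0.0:389)
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=0 BIND dn="cn=Manager,dc=mydomain,dc=com" method=128
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=0 RESULT tag=97 err=0 text=
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=1 PROXYAUTHZ dn="uid=jon,cn=simple,cn=auth"
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=2 SRCH base="uid=jon,cn=simple,cn=auth" scope=0 deref=0 filter="(objectClass=*)"
Nov 3 16:15:41 <20.7> green slapd[18408]: conn=96 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 3 16:16:02 <20.7> green slapd[18408]: conn=97 op=0 STARTTLS
Nov 3 16:16:02 <20.7> green slapd[18408]: conn=97 fd=20 TLS established tls_ssf=256 ssf=256
Nov 3 16:16:02 <20.7> green slapd[18408]: conn=97 op=1 BIND dn="cn=Manager,dc=mydomain,dc=com" method=128
""".splitlines()

RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}  # RFC 4511
LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+)|fd=\d+) (.+)$")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key="quoted value" or key=bare

def summarize(lines):
    """Group slapd operation lines by connection; return {conn: [findings]}."""
    tls, proxy, base_of = set(), {}, {}
    findings = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a slapd connection/operation line
        conn, op, rest = m.groups()
        kv = {k: quoted or bare for k, quoted, bare in KV.findall(rest)}
        if rest.startswith("TLS established"):
            tls.add(conn)
        elif rest.startswith("BIND") and kv.get("method") == "128":  # 128 = simple bind
            if conn not in tls:  # password crossed this connection in clear text
                findings[conn].append(f"simple bind as {kv['dn']} without TLS")
        elif rest.startswith("PROXYAUTHZ"):
            proxy[conn] = kv["dn"]
        elif rest.startswith("SRCH"):
            base_of[conn, op] = kv["base"]  # remember base until the result line
        elif rest.startswith("SEARCH RESULT") and kv["err"] != "0":
            err, base = int(kv["err"]), base_of.get((conn, op))
            who = " (the proxy-authz identity)" if base and base == proxy.get(conn) else ""
            findings[conn].append(
                f"search base {base}{who}: err={err} {RESULT_NAMES.get(err, 'other')}")
    return dict(findings)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample, only conn=96 is reported: the Manager simple bind with no preceding TLS line, and the base-scope search for the proxy-authz DN that comes back as noSuchObject.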