On Sat, 3 Dec 2005, Bill Kearney wrote:
> Heh, 'easy enough' and LDAP rarely seem to be found together. Throw in SASL
> and it /really/ goes downhill.
>
> I figure it should be easy but given that I've never actually made a
> 'generic' LDAP connection to an active directory I'm not entirely sure where
> to start. And given the potential amount of time that fiddling with sasl is
> known to absorb I'm doubly cautious.

I use cyrus-imapd -> saslauthd -> pam_ldap -> iplanet directory server.

At our site, we create unix accounts by creating ldap entries in the
iplanet directory server, then we create matching, synchronized accounts
in AD for Windows. To the end users, it appears as one account.

I don't authenticate against AD for cyrus, but I'm fairly familiar with
using LDAP to talk to AD. Do you have any specific questions? I know of
no reason it wouldn't work using pam_ldap as above.

Andy