Hasse Hagen Johansen | 1 Jul 2011 15:15

Re: Authenticate

>>>>> "Friedrich" == Friedrich Locke <friedrich.locke <at> gmail.com> writes:

    Friedrich> I got this working for ldap server.  I can log into the
    Friedrich> openldap server using GSSAPI (-Y flag) and simple bind
    Friedrich> (userPassword: {SASL}xxx@MY.DOMAIN) and it works ok by
    Friedrich> both methods.  But for {SASL}xyz to work I had to write
    Friedrich> "pwcheck_method: saslauthd" into
    Friedrich> /usr/local/lib/sasl2/slapd.conf.

    Friedrich> Is it necessary to create configuration files for qmail
    Friedrich> (pop3, smtp, ...) inside /usr/local/lib/sasl2/ for each of
    Friedrich> qmail services? Or what I have done for slapd is enough?

I think I understand what you mean now. You are asking if the qmail
daemons are able to follow the {SASL}xyz syntax? I actually don't know that
because I haven't used such an ldap setup with qmail-ldap :(

Best Regards
Hasse Hagen Johansen

Friedrich Locke | 1 Jul 2011 20:13

Re: Authenticate

Ok, see below:

On Fri, Jul 1, 2011 at 10:15 AM, Hasse Hagen Johansen <hhj <at> musikcheck.dk> wrote:
>>>>>> "Friedrich" == Friedrich Locke <friedrich.locke <at> gmail.com> writes:
>
>    Friedrich> I got this working for ldap server.  I can log into the
>    Friedrich> openldap server using GSSAPI (-Y flag) and simple bind
>    Friedrich> (userPassword: {SASL}xxx@MY.DOMAIN) and it works ok by
>    Friedrich> both methods.  But for {SASL}xyz to work I had to write
>    Friedrich> "pwcheck_method: saslauthd" into
>    Friedrich> /usr/local/lib/sasl2/slapd.conf.
>
>    Friedrich> Is it necessary to create configuration files for qmail
>    Friedrich> (pop3, smtp, ...) inside /usr/local/lib/sasl2/ for each of
>    Friedrich> qmail services? Or what I have done for slapd is enough?
>
> I think I understand what you mean now. You are asking if the qmail
> daemons are able to follow the {SASL}xyz syntax? I actually don't know that
> because I haven't used such an ldap setup with qmail-ldap :(

What about a try?

> Best Regards
> Hasse Hagen Johansen
>
>

thanks


Hasse Hagen Johansen | 1 Jul 2011 20:38

Re: Authenticate


On Jul 1, 2011, at 8:13 PM, Friedrich Locke wrote:

> Ok, see below:
>
> On Fri, Jul 1, 2011 at 10:15 AM, Hasse Hagen Johansen <hhj <at> musikcheck.dk> wrote:
> > "Friedrich" == Friedrich Locke <friedrich.locke <at> gmail.com> writes:
> >
> >    Friedrich> I got this working for ldap server.  I can log into the
> >    Friedrich> openldap server using GSSAPI (-Y flag) and simple bind
> >    Friedrich> (userPassword: {SASL}xxx@MY.DOMAIN) and it works ok by
> >    Friedrich> both methods.  But for {SASL}xyz to work I had to write
> >    Friedrich> "pwcheck_method: saslauthd" into
> >    Friedrich> /usr/local/lib/sasl2/slapd.conf.
> >
> >    Friedrich> Is it necessary to create configuration files for qmail
> >    Friedrich> (pop3, smtp, ...) inside /usr/local/lib/sasl2/ for each of
> >    Friedrich> qmail services? Or what I have done for slapd is enough?
> >
> > I think I understand what you mean now. You are asking if the qmail
> > daemons are able to follow the {SASL}xyz syntax? I actually don't know that
> > because I haven't used such an ldap setup with qmail-ldap :(
>
> What about a try?

Sorry, I cannot help you with that. It is many years since I had a qmail-ldap setup. I think it should work if qmail-ldap is accessing the ldap directory in a standard way. Anyway, you will need the ldap server configured as a SASL client to the SASL server you would authenticate against. At work we use that kind of setup for checking passwords against an Active Directory. That is, we sync the users to the ldap server but without the password and then check the password via SASL.
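
An added example, not part of the thread or of any poster's setup: a small Python audit that reads an LDIF export and the text of slapd's SASL configuration file, then reports which entries use the `{SASL}user@REALM` pass-through form and whether `pwcheck_method: saslauthd` is set for them. The sample entries, DNs and function names are constructed for illustration.

```python
import base64
import re

# Constructed sample data (not from the thread). The first value is base64,
# the form LDIF uses for "::" attributes; the second is a locally stored hash.
_B64 = base64.b64encode(b"{SASL}alice@MY.DOMAIN").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    f"userPassword:: {_B64}\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword: {SSHA}constructed-placeholder\n"
)
SAMPLE_SASL_CONF = "pwcheck_method: saslauthd\n"

def pwcheck_method(conf):
    """Return the pwcheck_method value from a sasl2 config, or None if unset."""
    for line in conf.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip() == "pwcheck_method":
            return val.strip()
    return None

def password_schemes(ldif):
    """Yield (dn, scheme, target); target is set only for {SASL} values."""
    dn = None
    # LDIF folding: a line starting with one space continues the previous line.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            m = re.match(r"\{([^}]+)\}(.*)", value, re.S)
            scheme = m.group(1).upper() if m else "CLEARTEXT"
            yield dn, scheme, (m.group(2) if scheme == "SASL" else None)

def audit(ldif, sasl_conf):
    """Classify each entry: local, pass-through, or needs-config."""
    delegated = pwcheck_method(sasl_conf) == "saslauthd"
    return [
        (dn, "local" if scheme != "SASL"
             else "pass-through" if delegated else "needs-config", target)
        for dn, scheme, target in password_schemes(ldif)
    ]
```
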
