magic-lamp

Cyrus-SASL & Cyrus-IMAP & OpenLDAP on RedHat 7.3

Disclaimer

The following document is offered in good faith as comprising only safe programming and procedures. No responsibility is accepted by the author for any loss or damage caused in any way to any person or equipment, as a direct or indirect consequence of following these instructions.

Get started

This looks quite easy, and it is if you stick to the instructions below.

One thing to know is that only plaintext passwords work with IMAP->SASL->LDAP. A good way to protect them on the wire is to set up TLS/SSL.

Also - never put mailboxes on an NFS share.

And remember that even though you're setting up saslauthd to look up users in LDAP, when you run cyradm --user cyrus localhost it's still going to use the /etc/sasl2/sasldb2 database to authenticate the cyrus user. To be able to test with cyradm you'll need to set up an account in sasldb2: saslpasswd2 -c cyrus. Once this is done you can create mailboxes using cyradm on the command line.

  1. Get OpenLDAP working fine.
    • It's worth getting GQ to make sure your LDAP connection and directory are as you expect
    • It's worth getting Directory Administrator to maintain your LDAP authentication directory
  2. Download the SRC RPMs for Cyrus-SASL, Cyrus-IMAP and perl-Cyrus by Simon Matter from http://home.teleport.ch/simix
  3. Compile and install SASL (you'll need the output later for testing)
    1. Configure connectivity to LDAP at /etc/saslauthd.conf. Documentation for this is in /usr/share/doc/cyrus-sasl-??????/LDAP_SASLAUTHD
    2. Configure saslauthd to start with LDAP as the database at /etc/sysconfig/saslauthd by adding MECH=ldap
    3. To test SASL unpack the SRC RPM
      1. go to the files at /usr/src/redhat/SOURCES/
      2. unpack cyrus-sasl-2?????
      3. get the configure line from the compile output that contains the string --with-ldap and configure the sources
      4. enter the saslauthd folder and make testsaslauthd
      5. now use this to test that SASL is successfully authenticating against the LDAP database
  4. Compile and install Cyrus-IMAP
    1. Configure /etc/imapd.conf with at least the following:
       sasl_pwcheck_method: saslauthd
       sasl_mech_list: PLAIN
       allowplaintext: no
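
A quick consistency check for the settings above, as an added example that is not part of the original page: it lints /etc/sysconfig/saslauthd and /etc/imapd.conf for the MECH=ldap, saslauthd and plaintext-only-under-TLS combination the steps describe. The function names, the acceptance of LOGIN alongside PLAIN, and the tls_cert_file key (the Cyrus IMAP 2.x name for the server certificate option) are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): lint the two files edited above.

# Print the last value of KEY ($2) from a "key: value" file ($1) such as imapd.conf.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_mail_auth SYSCONFIG IMAPD_CONF: print findings, return their count.
check_mail_auth() {
    problems=0
    # saslauthd must be started with the LDAP mechanism.
    mech=$(sed -n 's/^[[:space:]]*MECH=//p' "$1" | tail -n 1 | tr -d "\"'")
    [ "$mech" = ldap ] || fail "MECH is '${mech:-unset}', expected ldap"
    # imapd must hand password checks to saslauthd.
    pw=$(conf_value "$2" sasl_pwcheck_method)
    [ "$pw" = saslauthd ] || fail "sasl_pwcheck_method is '${pw:-unset}'"
    # saslauthd is handed a plaintext password, so only plaintext
    # mechanisms (PLAIN, LOGIN) can be checked against LDAP.
    mechs=$(conf_value "$2" sasl_mech_list)
    [ -n "$mechs" ] || fail "sasl_mech_list unset, mechanisms not restricted"
    for m in $mechs; do
        case $m in
            PLAIN|LOGIN) ;;
            *) fail "mechanism $m cannot be verified through saslauthd" ;;
        esac
    done
    # Plaintext logins should be switched off outside TLS ...
    ap=$(conf_value "$2" allowplaintext)
    case $ap in
        no|off|false|f|0) ;;
        *) fail "allowplaintext is '${ap:-unset}', expected no" ;;
    esac
    # ... so TLS has to be configured (assumed key name: tls_cert_file).
    [ -n "$(conf_value "$2" tls_cert_file)" ] ||
        fail "tls_cert_file unset: no TLS to protect the plaintext password"
    return "$problems"
}

# Constructed sample: the page's three imapd.conf lines, no TLS settings yet.
demo() {
    d=$(mktemp -d) || return 1
    echo 'MECH=ldap' > "$d/saslauthd"
    printf '%s\n' 'sasl_pwcheck_method: saslauthd' 'sasl_mech_list: PLAIN' \
        'allowplaintext: no' > "$d/imapd.conf"
    rc=0; check_mail_auth "$d/saslauthd" "$d/imapd.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}
if [ "$#" -eq 2 ]; then check_mail_auth "$1" "$2"; fi
```

Run it as sh check.sh /etc/sysconfig/saslauthd /etc/imapd.conf; the exit status is the number of findings. Calling demo on the page's minimal settings reports only the missing TLS certificate.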


Copyleft © 1998 - 2007 • Jinn Koriech