magic-lamp

Postfix -> Cyrus-IMAPD + Cyrus-SASL + OpenLDAP on Gentoo Linux

Disclaimer

The following document is offered in good faith as comprising only safe programming and procedures. No responsibility is accepted by the author for any loss or damage caused in any way to any person or equipment, as a direct or indirect consequence of following these instructions.

Get started

Gentoo Linux is amazing! Setting up Cyrus IMAP + SASL + OpenLDAP was quite straightforward (once I realized cyradm always uses the sasldb2 directly, and bypasses saslauthd).

First you need to emerge the tools you need. Before doing this I put ldap into my USE flags in /etc/make.conf since I want to use LDAP for everything except the system authentication.

Now you simply emerge openldap cyrus-imapd cyrus-imapd-admin cyrus-sasl. Leave that for some time - perhaps have your lunch/dinner or some fruit ;-).

When that's all done you need to set up your LDAP host. There is existing documentation for this, and it is beyond the scope of this howto, however I do intend to write up a mini-howto on getting LDAP off the ground (at some point).

Edit /etc/conf.d/saslauthd.conf to include the following lines:
SASL_AUTHMECH=ldap
SASLAUTHD_OPTS="-a ${SASL_AUTHMECH} -O /etc/sasl2/saslauthd.conf"

Notice the amendment to the SASLAUTHD_OPTS line - I added the -O /etc/sasl2/saslauthd.conf section to tell saslauthd which configuration file to read.

I also had to comment out the section on RIMAP since I'm not using it, and also the TIME_OF_DAY restrictions since I don't mind that either.

Now create /etc/sasl2/saslauthd.conf (the file named by the -O option above) and put your LDAP configuration settings in there. They should look like this:
ldap_servers: ldap://localhost:389/
ldap_bind_dn: uid=cyrus,ou=auth,dc=example,dc=com
ldap_bind_pw: secret
ldap_search_base: ou=auth,dc=example,dc=com
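Since that file carries ldap_bind_pw in clear text, it is worth checking before the restart that it is complete, that it is not world-readable, and that the bind goes to a local or ldaps:// server. The following is an added example, not part of the original howto; the sample file contents and temp paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original howto): sanity-check a saslauthd.conf
# of the "key: value" form shown above. It verifies that the four ldap_* keys
# are present, that the file is not world-readable (it holds ldap_bind_pw in
# clear text), and that the LDAP URL is local or ldaps://, because the bind
# password travels over that connection. Sample contents are constructed.

# conf_get FILE KEY -> value of KEY in FILE ("key: value" layout), first match.
conf_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# check_saslauthd_conf FILE -> 0 if all checks pass, 1 otherwise; prints findings.
check_saslauthd_conf() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing file: $f"; return 1; }
    for key in ldap_servers ldap_bind_dn ldap_bind_pw ldap_search_base; do
        [ -n "$(conf_get "$f" "$key")" ] || { echo "missing key: $key"; rc=1; }
    done
    # Columns 8-10 of "ls -l" are the permission bits for "other".
    case "$(ls -ld "$f" | cut -c8-10)" in
        ---) ;;
        *) echo "world-readable: $f holds ldap_bind_pw, chmod 600 it"; rc=1 ;;
    esac
    case "$(conf_get "$f" ldap_servers)" in
        ldaps://*|ldapi://*|ldap://localhost*|ldap://127.0.0.1*) ;;
        *) echo "ldap_servers is remote and unencrypted; bind password would cross the network in clear"; rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed copy of the settings from the howto.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
ldap_servers: ldap://localhost:389/
ldap_bind_dn: uid=cyrus,ou=auth,dc=example,dc=com
ldap_bind_pw: secret
ldap_search_base: ou=auth,dc=example,dc=com
EOF
    chmod 644 "$tmp"
    if check_saslauthd_conf "$tmp"; then echo "unexpected pass"; else echo "rejected world-readable copy, as expected"; fi
    chmod 600 "$tmp"
    check_saslauthd_conf "$tmp" && echo "ok: $tmp passes all checks"
    rm -f "$tmp"
}
demo
```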

Now restart saslauthd (/etc/init.d/saslauthd restart).

Create a cyrus user in the standard sasldb2 file with saslpasswd2 -c cyrus and provide the password interactively.

Log in to cyradm: cyradm --user cyrus localhost. Now you can create user accounts: cm user.joe. Notice the user. prefix - this is required for the accounts. You may also set up other details, such as ACLs and quotas, at this point if you desire.

For each user you setup in Cyrus-IMAP you must also set up a corresponding user in OpenLDAP. A good tool for managing this is directory_administrator.

Conclusion

These notes are rough and written up all in one burst. I will make the effort to clean this up, however I wanted to document the experience before going to bed ;-)

If there is anything you feel I could clean up please send me a message using my contact form.

2003-11-01 :: Jinn Koriech

Copyleft © 1998 - 2007 • Jinn Koriech