Setup Cyrus SASL with LDAP

August 09, 2016

Reading time ~1 minute

Intro

Although Dovecot provides it's own SASL, I opted for Cyrus SASL. It is fairly simple to configure both, but in this post I will demonstrate what worked for me.

/etc/saslauthd.conf

ldap_servers: ldap://ldap.example.net
ldap_version: 3
ldap_search_base: ou=Mail,dc=example,dc=net
ldap_scope: sub
ldap_filter: (&(uid=%u)(mailEnabled=TRUE))
ldap_auth_method: bind
ldap_timeout: 10
ldap_time_limit: 10

For LDAP authentication the above options worked in my environment. To use the mailEnabled attribute make sure postfix-book.schema is loaded into your LDAP implementation like OpenLDAP. With this we're basically saying users who have Enabled accounts are allowed to authenticate.

/etc/conf.d/saslauthd

SASLAUTHD_OPTS="-a ldap"

/usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain
log_level: 7

Once everything is in place a simple systemctl restart saslauthd is all that is needed. You should now be able to add your LDAP account credentials to any mail application's SMTP settings.

comments powered by Disqus

Monitoring a remote Nagios instance

Intro I wanted a quick way to monitor a remote Nagios host from a secondary Linux server in the event the primary Nagios instance became una…… Continue reading

Splunk Enterprise (Free) LDAP auth in Apache

Published on August 03, 2017

Setup user specific mail quotas with LDAP

Published on August 13, 2016