[Dovecot] User database ldap lookups and sasl
Hello
I'm currently trying to use Active Directory with Unix extensions to store UID, GID and homedir, and retrieve them with LDAP. I don't want to allow anonymous bindings, and I would rather not use TLS and manage a PKI. So I'm trying to use SASL to do Kerberos authentication for Dovecot against AD LDAP.

I'm currently getting GSSAPI errors about the lack of a "credentials cache". Looking at similar cases where services act as clients, like using nss_ldap for Unix host accounts, I understand the credentials cache should be initiated by an external program (cron and startup script), at least with the TGT and maybe the TGS for LDAP. Since the Kerberos v5 cache is usually based on the user ID (/tmp/krb5cc_0 for root), there's an option in ldap.conf (krb5_ccname) to set the filename (/etc/.ldapcache in nss_ldap tutorials) for this cache.

Is there any way to do this with dovecot-ldap.conf, or should I try to use the "auth user" default cache filename?
Thanks in advance
olivier castan