[Dovecot] User database ldap lookups and sasl

olivier castan ocastan at gmail.com
Fri Oct 5 23:17:22 EEST 2007


Hello

I'm currently trying to use Active Directory with Unix extensions to
store UID, GID and homedir and retrieve them with LDAP.
I don't want to allow anonymous bindings, and I would rather not use
TLS and manage a PKI.
So I'm trying to use SASL to do a Kerberos authentication for Dovecot
against AD LDAP.
I'm currently getting GSSAPI errors about the lack of a "credentials cache".
Looking at similar cases where services act as clients, like using
nss_ldap for Unix host accounts, I understand the credentials cache
should be initiated by an external program (cron and startup script),
at least with the TGT and maybe the TGS for LDAP.
Since usually the Kerberos v5 cache is based on the user id (/tmp/krb5cc_0
for root), there's an option in ldap.conf (krb5_ccname) to set the
filename (/etc/.ldapcache in nss_ldap tutorials) for this cache.
Is there any way to do this with dovecot-ldap.conf, or should I try to
use the "auth user" default cache filename?

Thanks in advance
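The post describes the usual pattern for a service doing a SASL/GSSAPI bind: an external cron and startup script keeps a TGT in a credentials cache file that the binding process finds through the KRB5CCNAME environment variable. The script below is an added example of that pattern and is not part of the original post or of Dovecot itself. It assumes MIT Kerberos `kinit`/`klist` and uses placeholder values for the keytab path, the service principal and the cache file; `KINIT` and `KLIST` are variables so the logic can be exercised with stubs.

```shell
#!/bin/sh
# Added example: keep a keytab-based Kerberos TGT in a fixed credentials
# cache so a service can do SASL/GSSAPI binds to AD LDAP without a
# password prompt. All paths and the principal below are assumptions.

: "${KRB5_KEYTAB:=/etc/dovecot/dovecot.keytab}"              # assumed keytab
: "${KRB5_PRINCIPAL:=dovecot/mail.example.org@EXAMPLE.ORG}"   # assumed principal
: "${KRB5_CCACHE:=/var/run/dovecot/krb5cc_dovecot}"           # assumed cache file
: "${KINIT:=kinit}"   # command that obtains the TGT (overridable for tests)
: "${KLIST:=klist}"   # command that checks the cache (overridable for tests)

# ccache_valid: exit 0 when $KRB5_CCACHE holds an unexpired TGT.
# 'klist -s' is silent and exits non-zero if the cache is missing or expired.
ccache_valid() {
    export KRB5CCNAME="FILE:$KRB5_CCACHE"
    "$KLIST" -s
}

# refresh_ccache: obtain a fresh TGT from the keytab into the fixed cache
# unless a valid one is already present. Returns 0 on success, 1 if kinit
# fails (so cron mails the error and the startup script can abort).
refresh_ccache() {
    if ccache_valid; then
        echo "ccache $KRB5_CCACHE still valid"
        return 0
    fi
    export KRB5CCNAME="FILE:$KRB5_CCACHE"
    # -k -t: authenticate with the keytab, no interactive password (MIT syntax)
    if "$KINIT" -k -t "$KRB5_KEYTAB" "$KRB5_PRINCIPAL"; then
        # the cache carries the service's tickets; keep it private to its owner
        chmod 600 "$KRB5_CCACHE"
        echo "renewed TGT for $KRB5_PRINCIPAL into $KRB5_CCACHE"
        return 0
    fi
    echo "kinit failed for $KRB5_PRINCIPAL (keytab $KRB5_KEYTAB)" >&2
    return 1
}

# Usage: "$0 run" from cron (well inside the ticket lifetime) and from the
# service's startup script, running as the user that performs the LDAP bind.
case "${1:-}" in
    run) refresh_ccache ;;
esac
```

The script must run as the same user that performs the bind, and that process has to see the same KRB5CCNAME value (or use the default cache for its uid); whether dovecot-ldap.conf offers its own setting for the cache name is exactly the question left open above. Checking with `klist -s` before calling `kinit` avoids requesting a new TGT on every cron run.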

