[Dovecot] User database ldap lookups and sasl

Olivier Castan castan.o at free.fr
Wed Oct 10 07:49:56 EEST 2007


Hello

I'm currently trying to use Active Directory with Unix extensions to
store UID, GID and homedir and retrieve them with ldap.
I don't want to allow anonymous bindings and I would rather not use
TLS and manage a PKI.
So I'm trying to use SASL to do a Kerberos authentication for Dovecot
against AD LDAP.
I'm currently getting GSSAPI errors about the lack of "credentials
cache". Looking at similar cases where services act as clients, like
using nss_ldap for unix host accounts, I understand the credentials
cache should be initiated by an external program (cron and startup
script), at least with the TGT and maybe the TGS for ldap.
Since usually the Kerberos v5 cache is based on the user id (/tmp/krb5cc_0
for root) there's an option in ldap.conf (krb5_ccname) to set the
filename (/etc/.ldapcache in nss_ldap tutorials) for this cache.
Is there any way to do this with dovecot-ldap.conf or should I try to
use the "auth user" default cache filename?

Thanks in advance
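As an added example (not from the post, and not Dovecot's own code), a POSIX shell script of the kind an init script and a cron job would run to keep a dedicated, keytab-based credential cache alive for a service that does SASL/GSSAPI binds to AD LDAP, with a check that the cache file stays private. The principal, keytab path, cache path and the use of KRB5CCNAME to point the auth process at the cache are assumptions.

```shell
#!/bin/sh
# Added example: maintain a keytab-based Kerberos credential cache for a
# service (here Dovecot's auth process) that binds to AD LDAP with SASL/GSSAPI.
# Run it from the service's init script and then periodically from cron.
# Assumptions (placeholders, not values from the original post): the service
# principal, the keytab path, the cache path, and that the service picks up
# the cache through the KRB5CCNAME environment variable.
KRB5_PRINC="${KRB5_PRINC:-dovecot/mail.example.com@EXAMPLE.COM}"
KRB5_KEYTAB="${KRB5_KEYTAB:-/etc/dovecot/dovecot.keytab}"
DOVECOT_CCACHE="${DOVECOT_CCACHE:-/var/lib/dovecot/krb5cc_dovecot}"
KRB5CCNAME="FILE:$DOVECOT_CCACHE"
export KRB5CCNAME

# ccache_private FILE -> 0 if FILE is a regular file with no group/other
# permission bits. The cache holds the service's TGT, so a readable cache
# lets any local user act as the service against LDAP.
ccache_private() {
    [ -f "$1" ] || return 1
    # columns 5-10 of `ls -l` output are the group and other rwx bits
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# ccache_has_tgt -> 0 if KRB5CCNAME holds a valid, unexpired TGT.
# Both MIT and Heimdal klist support -s (status only, no output).
ccache_has_tgt() {
    command -v klist >/dev/null 2>&1 || return 2
    klist -s 2>/dev/null
}

# refresh_tgt -> obtain a fresh TGT from the keytab when none is valid,
# and leave the cache file private. Returns 0 when a usable cache exists.
refresh_tgt() {
    if ccache_has_tgt; then
        return 0
    fi
    command -v kinit >/dev/null 2>&1 || { echo "kinit not found" >&2; return 2; }
    umask 077                       # a newly created cache file is 0600
    kinit -k -t "$KRB5_KEYTAB" "$KRB5_PRINC" || return 1
    chmod 600 "$DOVECOT_CCACHE"
    ccache_private "$DOVECOT_CCACHE"
}

# Cron entry (assumed path): */30 * * * * /usr/local/sbin/krb5-refresh.sh --refresh
if [ "${1:-}" = "--refresh" ]; then
    refresh_tgt
fi
```

The cache file must be owned by the user the auth process runs as, and that process needs KRB5CCNAME in its environment; whether dovecot-ldap.conf offers a setting equivalent to nss_ldap's krb5_ccname is exactly what the post asks.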

