From: Nikola Milutinovic (no email)
Date: Sat Jul 08 2006 - 06:43:06 EDT
> Does anyone have a working recipe for getting Cyrus to authenticate via
> Active Directory? I would greatly appreciate any assistance you can offer.
Welcome to the club.
I have tried my best to integrate Cyrus IMAP into ADS properly, but have almost always fallen short. My colleague and I have managed to get AUTH PLAIN to work, via SASLAuth Daemon, using LDAP.
My further attempt to use GSSAPI/Kerberos5 were met with limited success. Kerberos5 works, I created a service account in ADS (a normal user-like account), created and extracted a Kerberos5 key for IMAP/ and I was able to use "cyradm" and authenticate via Kerberos against ADS. Unfortunately, the only client I was able to make use this mechanism was Thunderbird 1.5 on SuSE Linux 10.0. All other clients, including Outlook Express, failed to connect from a Windows workstation.
Next, I thought of setting up LDAP-DB for CRAM-MD5 and DIGEST-MD5 (and PLAIN). The problem is, the directions are sketchy, at best. I'm not sure, but I think I should install MS Services For UNIX, in order to have the LDAP schema in a for compliant to RFC which describes POSIX account data schema.
I might revisit the LDAP part, once MS SFU sets in. Kerberos remains a mistery. Client side debugging is relatively non-existent. If anyone else can shed some light onto this, I, too, would appreciate it.
Nix.
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|