Table of content
  1. Configuration
  2. Startup

Allowing SASL authentification using LDAP as backend.

Build information

Ensure the following options:

security/cyrus-sasl2
1
2
3
4
5
6
7
8
9
10

[ ] ALWAYSTRUE           Alwaystrue password verifier (discouraged)
[x] AUTHDAEMOND          Use of authdaemon
[x] ANONYMOUS            ANONYMOUS authentication
[x] CRAM                 CRAM-MD5 authentication
[x] DIGEST               DIGEST-MD5 authentication
[x] LOGIN                LOGIN authentication
[x] NTLM                 NTLM authentication
[x] OTP                  OTP authentication
[x] PLAIN                PLAIN authentication
[x] SCRAM                SCRAM authentication
security/cyrus-sasl2-saslauthd
1
2
3

[x] HTTPFORM             Enable HTTP form authentication
[x] OPENLDAP             Use OpenLDAP
[x] OPENLDAP_SASL        OpenLDAP client with SASL2 support

Configuration

Authentication is done (in this configuration) through the user mail address which is used as identifier.

saslauthd.conf
1
2
3
4

ldap_servers: ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap_search_base: ou=People,dc=example,dc=com
ldap_timeout: 10
ldap_filter: mail=%u@%r

Startup

rc.conf
1
2

saslauthd_enable="YES"
saslauthd_flags="-a ldap -c -t 30"