Setup Cyrus SASL with LDAP

August 09, 2016

Reading time ~1 minute


Although Dovecot provides it's own SASL, I opted for Cyrus SASL. It is fairly simple to configure both, but in this post I will demonstrate what worked for me.


ldap_servers: ldap://
ldap_version: 3
ldap_search_base: ou=Mail,dc=example,dc=net
ldap_scope: sub
ldap_filter: (&(uid=%u)(mailEnabled=TRUE))
ldap_auth_method: bind
ldap_timeout: 10
ldap_time_limit: 10

For LDAP authentication the above options worked in my environment. To use the mailEnabled attribute make sure postfix-book.schema is loaded into your LDAP implementation like OpenLDAP. With this we're basically saying users who have Enabled accounts are allowed to authenticate.




pwcheck_method: saslauthd
mech_list: plain
log_level: 7

Once everything is in place a simple systemctl restart saslauthd is all that is needed. You should now be able to add your LDAP account credentials to any mail application's SMTP settings.

Splunk Enterprise (Free) LDAP auth in Apache

Intro I have used Splunk for years and still use Splunk Enterprise at work and for my own use as part of the Free license group. With Splunk…… Continue reading

Setup user specific mail quotas with LDAP

Published on August 13, 2016