* Benny Pedersen <m...@junc.eu>:
> Patrick Ben Koetter wrote on 2013-11-05 21:57:
>
> >>http://www.postfix.org/SASL_README.html#auxprop_ldapdb
>
> cyrus sasl does not need to have running saslauthd for mysql auth,
> is this diff for ldap ?

In order to use an SQL backend with Cyrus SASL you have to use either PAM and
let it connect to the MySQL server or use Cyrus SASL's own 'sql' auxprop plugin.

> and if dovecot is working one does not need to setup cyrussasl api
> lib at all

Yes, if you also use Dovecot you can do that. You can even talk to dovecot
over a tcp socket on a different host.

> i lost the link to openvisp smtpd.conf where i showed what is needed
> to mysql, but todays page is not found anymore

Take a look at the (not published) man page attached. Use 'man -l sql.5' to
display it.

p@rick

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

'\" t
.\" Title: sql
.\" Author: Simon Loader <si...@surf.org.uk>
.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
.\" Date: 02/13/2010
.\" Manual: Cyrus SASL Manual
.\" Source: Version 2.1.23
.\" Language: English
.\"
.TH "SQL" "5" "02/13/2010" "Version 2\&.1\&.23" "Cyrus SASL Manual"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sql \- auxiliary property plugin
.SH "SYNOPSIS"
.PP
Cyrus SASL auxprop plugin to access sql authentication backends\&.
.SH "DESCRIPTION"
.PP
This document describes configuration options for the Cyrus SASL auxiliary property plugin
\fBsql\fR\&.
.PP
sql is a generic plugin for various SQL backends\&. Currently it provides access to either MySQL, PostgreSQL or SQLite databases\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
The plugin requires that passwords in the database are stored in plaintext format in order to use shared\-secret mechanisms\&.
.sp .5v
.RE
.SH "CONFIGURATION SYNTAX"
.PP
The following syntax is mandatory for
\fBsql\fR
plugin configuration:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
SQL statements specified with
\fIsql_select\fR,
\fIsql_insert\fR
and
\fIsql_update\fR
must not be enclosed in quotes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Macros, e\&.g\&.
\fB%u\fR,
\fB%r\fR
and
\fB%v\fR, specified within SQL statements must be quoted individually\&.
.RE
.PP
See
the section called \(lqEXAMPLE\(rq
for a valid configuration example\&.
.SH "OPTIONS"
.PP
The following configuration parameters are applicable in the context of the
\fBsql\fR
plugin:
.PP
\fIsql_engine\fR (default: \fBmysql\fR)
.RS 4
Specifies the type of SQL engine to use for connections to the SQL backend\&. The following types are available:
.PP
\fBmysql\fR
.RS 4
Enables the mysql driver for connections to a MySQL server\&.
.RE
.PP
\fBpgsql\fR
.RS 4
Enables the pgsql driver for connections to a PostgreSQL server\&.
.RE
.PP
\fBsqlite\fR
.RS 4
Enables the sqlite driver for connections to a SQLite 2 database\&.
.RE
.PP
\fBsqlite3\fR
.RS 4
Enables the sqlite driver for connections to a SQLite 3 database\&.
.RE
.RE
.PP
\fIsql_hostnames\fR (default: empty)
.RS 4
A comma\-separated list of one or more SQL servers the plugin should try to connect to and query from\&. Specify servers separated in hostname[:port] format\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
Specify
localhost
when using the MySQL engine to communicate over a UNIX domain socket and
127\&.0\&.0\&.1
to attempt a connection that uses a TCP socket\&.
.sp .5v
.RE
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option will be ignored if
\fIsql_engine\fR
is set to either
\fBsqlite\fR
or
\fBsqlite3\fR\&.
.sp .5v
.RE
.RE
.PP
\fIsql_user\fR (default: empty)
.RS 4
Configures the username the plugin will send when it authenticates to the SQL server\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option will be ignored if
\fIsql_engine\fR
is set to either
\fBsqlite\fR
or
\fBsqlite3\fR\&.
.sp .5v
.RE
.RE
.PP
\fIsql_passwd\fR (default: empty)
.RS 4
Configures the password the plugin will send when it authenticates to the SQL server\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option will be ignored if
\fIsql_engine\fR
is set to either
\fBsqlite\fR
or
\fBsqlite3\fR\&.
.sp .5v
.RE
.RE
.PP
\fIsql_database\fR (default: empty)
.RS 4
Specifies the name of the database which contains auxiliary properties (e\&.g\&. username, realm, password etc\&.)
.RE
.PP
\fIsql_select\fR (default: empty)
.RS 4
Mandatory SELECT statement used to fetch properties from the SQL database\&.
.RE
.PP
\fIsql_insert\fR (default: empty)
.RS 4
Optional INSERT statement used to create properties for new users in the SQL database\&.
.RE
.PP
\fIsql_update\fR (default: empty)
.RS 4
Optional UPDATE statement used to modify properties in the SQL database\&.
.RE
.PP
\fIsql_usessl\fR (default: \fBno\fR)
.RS 4
Specify either
\fByes\fR,
\fBon\fR,
\fB1\fR
or
\fBtrue\fR, and the plugin will try to establish a secure connection to the SQL server\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option is available for MySQL backends only\&. It will be ignored if
\fIsql_engine\fR
is set to either
\fBsqlite\fR
or
\fBsqlite3\fR\&.
.sp .5v
.RE
.RE
.SS "Macros"
.PP
The sql plugin provides macros to build
\fIsql_select\fR,
\fIsql_insert\fR
and
\fIsql_update\fR
statements\&. They will be replaced with arguments sent from the client\&. The following macros exist:
.PP
%u
.RS 4
The name of the user whose properties are being selected, inserted or updated\&.
.RE
.PP
%p
.RS 4
The name of the property being selected, inserted or updated\&. While this could technically be anything, Cyrus SASL will try
\fIuserPassword\fR
and
\fIcmusaslsecret\fR\fI\fIMECHNAME\fR\fR
(where
\fIMECHNAME\fR
is the name of a SASL mechanism)\&.
.RE
.PP
%r
.RS 4
Name of the realm to which the user belongs\&. This could be the KERBEROS realm, the FQDN of the computer the SASL application is running on or whatever is after the @ on a username\&.
.RE
.PP
%v
.RS 4
Value of the property (generally userPassword) being stored during insert or update operations\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option will be ignored if
\fIsql_engine\fR
is set to either
\fBsqlite\fR
or
\fBsqlite3\fR\&.
.sp .5v
.RE
.RE
.SH "EXAMPLE"
.PP
The following example shows a typical sql configuration:
.sp
.if n \{\
.RS 4
.\}
.nf
# GENERIC options
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram\-md5 digest\-md5

# SQL auxprop plugin options
sql_engine: pgsql
sql_hostnames: 127\&.0\&.0\&.1, 192\&.0\&.2\&.1
sql_user: username
sql_passwd: secret
sql_database: company
sql_select: SELECT password FROM users WHERE user = \'%u\'@\'%r\'
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBldapdb\fR(5), \fBlibsasl\fR(5), \fBsaslauthd\fR(8), \fBsaslauthd.conf\fR(5), \fBsasldb\fR(5), \fBsasldblistusers2\fR(8), \fBsasldblistusers.conf\fR(5), \fBsaslpasswd2\fR(8), \fBsaslpasswd.conf\fR(5), \fBsql\fR(5)
.SH "AUTHORS"
.PP
\fBSimon Loader\fR <\&simon@surf\&.org\&.uk\&>
.RS 4
Wrote the MySQL auxprop plugin
.RE
.PP
\fBKen Murchinson\fR <\&murch@andrew\&.cmu\&.edu\&>
.RS 4
Worked on this plugin
.RE
.PP
\fBPatrick Ben Koetter\fR <\&p@state\-of\-mind\&.de\&>
.RS 4
Wrote this man page
.RE
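
The syntax rules and engine notes in the man page above can be checked mechanically before a configuration goes live. The following is an added example, not part of the original message or of Cyrus SASL; the function names parse_conf and lint are hypothetical, and the second sample configuration is constructed for illustration.

```python
import re

SQL_KEYS = ("sql_select", "sql_insert", "sql_update")
SERVER_ONLY = ("sql_hostnames", "sql_user", "sql_passwd", "sql_usessl")

def parse_conf(text):
    """Parse 'key: value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint(text):
    conf, findings = parse_conf(text), []
    engine = conf.get("sql_engine", "mysql")  # default per the man page
    if not conf.get("sql_select"):
        findings.append("sql_select: mandatory statement is missing")
    for key in SQL_KEYS:
        stmt = conf.get(key, "")
        if len(stmt) > 1 and stmt[0] == stmt[-1] and stmt[0] in "'\"":
            findings.append(f"{key}: statement must not be enclosed in quotes")
            stmt = stmt[1:-1]
        # A macro counts as quoted only with a single quote on both sides.
        for m in re.finditer(r"%[urv]", stmt):
            if stmt[m.start() - 1:m.start()] != "'" or stmt[m.end():m.end() + 1] != "'":
                findings.append(f"{key}: macro {m.group()} is not quoted individually")
    if engine in ("sqlite", "sqlite3"):
        findings += [f"{k}: ignored when sql_engine is {engine}"
                     for k in SERVER_ONLY if k in conf]
    elif engine != "mysql" and conf.get("sql_usessl", "no").lower() in ("yes", "on", "1", "true"):
        findings.append("sql_usessl: available for MySQL backends only")
    return findings

# SQL part of the man page's EXAMPLE section, as rendered text.
PAGE_EXAMPLE = """\
auxprop_plugin: sql
sql_engine: pgsql
sql_hostnames: 127.0.0.1, 192.0.2.1
sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
"""
# Constructed sample that breaks the syntax rules.
BROKEN = """\
sql_engine: sqlite3
sql_hostnames: 127.0.0.1
sql_select: "SELECT password FROM users WHERE user = %u AND realm = '%r'"
"""

if __name__ == "__main__":
    print(lint(PAGE_EXAMPLE), lint(BROKEN))
```
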