dovecot: allow sasl_bind=yes in the LDAP driver.

Dovecot has its own SASL implementation,
but needs Cyrus SASL's headers to bind to an LDAP server using SASL.

This is useful to avoid the need to manage a dnpass= in dovecot-ldap.conf
by using the Unix socket to authenticate.

This is done with sasl_mech=EXTERNAL in dovecot-ldap.conf, and some olcAccess: with
 by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
in the slapd's cn=config for the LDAP database queried by dovecot/auth (which runs as root).

1 files changed, 2 insertions, 2 deletions

diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix
index acd08f658e66..5b7f433feb63 100644
--- a/pkgs/servers/mail/dovecot/default.nix
+++ b/pkgs/servers/mail/dovecot/default.nix
@@ -1,6 +1,6 @@
 { stdenv, lib, fetchurl, perl, pkgconfig, systemd, openssl
 , bzip2, zlib, lz4, inotify-tools, pam, libcap
-, clucene_core_2, icu, openldap, libsodium, libstemmer
+, clucene_core_2, icu, openldap, libsodium, libstemmer, cyrus_sasl
 # Auth modules
 , withMySQL ? false, mysql
 , withPgSQL ? false, postgresql
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ perl pkgconfig ];
   buildInputs =
-    [ openssl bzip2 zlib lz4 clucene_core_2 icu openldap libsodium libstemmer ]
+    [ openssl bzip2 zlib lz4 clucene_core_2 icu openldap libsodium libstemmer cyrus_sasl.dev ]
     ++ lib.optionals (stdenv.isLinux) [ systemd pam libcap inotify-tools ]
     ++ lib.optional withMySQL mysql.connector-c
     ++ lib.optional withPgSQL postgresql