The delegateldap Cyrus SASL plugin allows you to forward SASL requests from server (like a SMTP or POP server) to a willing OpenLDAP server. The server that the delegate server is installed on does not need access to the OpenLDAP server's passwords. The OpenLDAP server must have SASL authentication installed, configured and working corretly. You'll notice that the delegateldap plugin library does not live in this directory. It is not loaded automatically by Cyrus SASL. Instead you must load it explicitly in the sasl config file for the service that you are authenticating. Add lines like this to that service. # The plugin_list file is *very* fragile, like much of cyrus-sasl plugin_list: @LIBDIR@/sasl2/delegateldap.sasl delegateldap_uri: ldap://ldap.example.com/ delegateldap_tls: no