From maddog at mir.com Fri Jun 5 01:28:19 2020 From: maddog at mir.com (Matto Marjanovic) Date: Thu, 4 Jun 2020 22:28:19 -0700 Subject: Pull Request #611: Increase MAX_REQ_LEN to allow transport of more sophisticated credentials Message-ID: Hi, I submitted a pull request 4 weeks ago: https://github.com/cyrusimap/cyrus-sasl/pull/611 I just now noticed that the cyrus developer notes say "(a quick note to the mailing list can speed this along)" regarding getting a review, so here is my quick note. -mm From quanah at symas.com Fri Jun 5 11:50:44 2020 From: quanah at symas.com (Quanah Gibson-Mount) Date: Fri, 05 Jun 2020 08:50:44 -0700 Subject: Pull Request #611: Increase MAX_REQ_LEN to allow transport of more sophisticated credentials In-Reply-To: References: Message-ID: <7186E8A7D483F1E0F43D1581@[192.168.1.144]> --On Thursday, June 4, 2020 11:28 PM -0700 Matto Marjanovic wrote: > Hi, > > I submitted a pull request 4 weeks ago: > > https://github.com/cyrusimap/cyrus-sasl/pull/611 > > I just now noticed that the cyrus developer notes say "(a quick note to > the mailing list can speed this along)" regarding getting a review, so > here is my quick note. Hi Matto, I'm waiting on the ongoing licensing and contribution process questions to be answered before working on any pull requests. There's still work being done to de-couple the cyrus-sasl software from CMU and addressing what licensing, etc should look like. Which affects what terms pull requests can be accepted under. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: From d.faller at live.de Sat Jun 20 03:33:38 2020 From: d.faller at live.de (David Faller) Date: Sat, 20 Jun 2020 07:33:38 +0000 Subject: SASL Ldap Group Filter Request Message-ID: Dear all, we want to add to saslauthd.conf an ldap group filtering. How I understand, it?s possible that saslauthd can check under an ou listed groups which are linked to users which should have access or instead to search for groups it?s Possible to specify a single group. Here?s my configuration ldap_servers: ldap://ddcl001.company-group.dir ldap_search_base: dc=company-group,dc=dir #ldap_filter: sAMAccountName=%U ldap_filter: userPrincipalName=%u #ldap_version: 3 ldap_auth_method: bind ldap_bind_dn: cn=Administrator,cn=Users,dc=company-group,dc=dir ldap_bind_pw: ******** ldap_scope: sub ldap_debug: -1 # Group Check Test #ldap_group_search_base: ou=groups,ou=Exchange,DC=company-group,DC=dir #ldap_group_attr: sAMAccountName #ldap_group_match_method: filter #ldap_group_filter: (sAMAccountName=%U) #ldap_group_scope: sub #ldap_size_limit: 0 #ldap_verbose: on I don?t know if the samba AD DC store the attr memberUid, with this one it was also not working to authenticate, without the group check saslauthd works fine. Some help here at this point would be fine, Best Regards, David Faller -------------- next part -------------- An HTML attachment was scrubbed... URL: From d.faller at live.de Sun Jun 21 04:26:34 2020 From: d.faller at live.de (David Faller) Date: Sun, 21 Jun 2020 08:26:34 +0000 Subject: SASL Ldap Group Filter Request Message-ID: I had also new questions with no answers, What would be the best practice, use a single filter or better multiple groups on ou? Single filter works fine when I change ldap_filter: ldap_filter: (&(userPrincipalName=%u)(memberOf=CN=SASL,OU=groups,OU=Exchange,DC=company-group,DC=dir)) I played around the other way to use ldap_group_match_method: filter but it?s still not working this way. It would be nice, when all groups under an ou could have access, so I need to create for our Mailserver multiple groups. Best Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: