<div dir="ltr">Hi - <div><br></div><div>I am trying to write a custom application that uses cyrus-sasl to authenticate on behalf of its users with Active Directory via the ldapdb auxprop plugin. I am running into problems with proxy authentication.</div>
<div><br></div><div>Reading the ldapdb source code, I see the following line in ldapdb_connect:</div><div><br></div><div>cp->c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;<br></div><div><br></div><div>shortly before ldap_sasl_interactive_bind which fails with error 49 (invalid credentials).</div>
<div><br></div><div>It seems that Active Directory (up to 2008, at least) doesn't support this OID. Is it therefore impossible to use the ldapdb auxprop plugin to authenticate against Active Directory? If so, are there alternative mechanisms I could use instead?</div>
<div><br></div><div>My app's sasl conf file follows:</div><div><br></div><div><div>log_level: 65535</div><div>pwcheck_method: auxprop</div><div>auxprop_plugin: ldapdb</div><div>mech_list: PLAIN</div><div>ldapdb_uri: ldap://**********<br>
</div><div>ldapdb_id: dn:CN=****,CN=users,DC=****-ad,DC=local<br></div><div>ldapdb_pw: ****<br></div><div>ldapdb_mech: DIGEST-MD5</div><div>ldapdb_starttls: try</div><div><br></div></div><div>Many thanks in advance,</div>
<div><br></div><div>Henry</div></div>