sasl ldap simple bind request
Howard Chu
hyc at highlandsun.com
Tue Jul 15 16:52:14 EDT 2008
George Forman wrote:
> Based on my testing of saslauthd using ldap for authentication, the bind
> and the fastbind
> configuration doesn't support my needs.
> It appears in the bind method, an anonymous bind is first completed,
> then a ldap search is
> requested looking for the user's DN. Once the DN is returned, a second
> simple bind request
> is sent using the user's DN, uid and password.
> I tried the fastbind but it seemed to try to bind using the password
> specified in saslauthd.conf
> and then did an ldap search. If I remove the ldap_bind_pw, it does an
> anonymous bind which
> doesn't meet my requirements.
>
>
> I need to do a simple ldap bind using the user's credentials and the
> password provided.
saslauthd cannot do an LDAP Simple Bind until it has mapped the user's name to
an LDAP DN. So it always needs to do a search first, to perform this mapping.
> Is creating a new plugin my best option?
Is there a specific reason you need to use saslauthd? Does your LDAP server
support SASL authentication? If so, try using the ldapdb auxprop instead.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Cyrus-sasl
mailing list