sasl ldap simple bind request

Howard Chu hyc at highlandsun.com
Tue Jul 15 16:52:14 EDT 2008


George Forman wrote:
> Based on my testing of saslauthd using ldap for authentication, the bind
> and the fastbind configuration doesn't support my needs.
> It appears in the bind method, an anonymous bind is first completed,
> then an ldap search is requested looking for the user's DN. Once the DN is
> returned, a second simple bind request is sent using the user's DN, uid
> and password.
> I tried the fastbind but it seemed to try to bind using the password
> specified in saslauthd.conf and then did an ldap search. If I remove the
> ldap_bind_pw, it does an anonymous bind which doesn't meet my requirements.
>
> I need to do a simple ldap bind using the user's credentials and the
> password provided.

saslauthd cannot do an LDAP Simple Bind until it has mapped the user's name to 
an LDAP DN. So it always needs to do a search first, to perform this mapping.

> Is creating a new plugin my best option?

Is there a specific reason you need to use saslauthd? Does your LDAP server 
support SASL authentication? If so, try using the ldapdb auxprop instead.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
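
An added illustration, not part of the original message: a saslauthd.conf for the search-then-bind flow discussed in this thread, with the initial search done by a dedicated read-only account rather than anonymously, and TLS enabled because a simple bind carries the password in the clear. The host name, DNs, CA path and password are constructed placeholders.

```conf
# saslauthd.conf: constructed example; host, DNs, CA path and password are placeholders
ldap_servers: ldap://ldap.example.com/
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/certs/example-ca.pem

# Step 1: bind as a dedicated read-only account for the search (not anonymously)
ldap_bind_dn: cn=saslauthd,ou=services,dc=example,dc=com
ldap_bind_pw: CHANGE_ME

# Step 2: search that maps the login name (%u) to one entry's DN
ldap_search_base: ou=people,dc=example,dc=com
ldap_scope: sub
ldap_filter: (uid=%u)

# Step 3: simple bind as the DN that was found, using the password the user supplied
ldap_auth_method: bind
```

With saslauthd started as `saslauthd -a ldap`, `testsaslauthd -u <user> -p <password>` exercises the whole sequence, and the directory server's log should show the service-account bind, the search, and then the bind as the user's DN.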

