sasl ldap simple bind request

George Forman georgeforman69 at hotmail.com
Thu Jul 17 08:18:38 EDT 2008


> George Forman wrote:
> > Based on my testing of saslauthd using ldap for authentication, the bind
> > and the fastbind
> > configuration doesn't support my needs.
> > It appears in the bind method, an anonymous bind is first completed,
> > then an ldap search is
> > requested looking for the user's DN. Once the DN is returned, a second
> > simple bind request
> > is sent using the user's DN, uid and password.
> > I tried the fastbind but it seemed to try to bind using the password
> > specified in saslauthd.conf
> > and then did an ldap search. If I remove the ldap_bind_pw, it does an
> > anonymous bind which
> > doesn't meet my requirements.
> >
> >
> > I need to do a simple ldap bind using the user's credentials and the
> > password provided.
> 
> saslauthd cannot do an LDAP Simple Bind until it has mapped the user's name to 
> an LDAP DN. So it always needs to do a search first, to perform this mapping.
> 
> > Is creating a new plugin my best option?
> 
> Is there a specific reason you need to use saslauthd? Does your LDAP server 
> support SASL authentication? If so, try using the ldapdb auxprop instead.
> 
Please excuse my ignorance, I'm just getting spun up on this project.
I have been asked to see if we can use postfix. We have a service with a 
rudimentary ldap front end which just accepts a simple bind request and converts it into an internal lookup.
I have been told the ldap front end does not support ldap search. To add to my problem, we have several 
email address domains so for each request the DN must be different. The rudimentary ldap front requires the DN
to be something like uid=,ou=people,dc=,dc=,dc=. I must use the email address's domain name to create the DN's dc= values
before I send the simple bind request, therefore, I can't configure the ldap_bind_dn because I can't express it like the ldap_filter 
(i.e. ldap_filter: uid=%U,ou=people,dc=%9...dc=%1).

Is there a way I can create a custom ldap bind request without having to modify the code?


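The DN construction described in the message above, as an added example that is not part of the original post or of Cyrus SASL: it derives `uid=<local part>,ou=people,dc=...` from an e-mail address, escapes attribute values per RFC 4514, and refuses the empty password that a server may treat as an unauthenticated bind. The function names and sample addresses are assumptions made for illustration.

```python
import re

_SPECIAL = set('"+,;<>\\')  # must be escaped anywhere in a value (RFC 4514)
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")  # DNS label


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN string (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #"):
            out.append("\\" + ch)
        elif ch == " " and i == len(value) - 1:
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def email_to_bind_dn(address: str, ou: str = "people") -> str:
    """Map user@a.b.c to uid=user,ou=people,dc=a,dc=b,dc=c."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("expected user@domain")
    labels = domain.lower().split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid domain label")
    rdns = ["uid=" + escape_dn_value(local), "ou=" + escape_dn_value(ou)]
    return ",".join(rdns + ["dc=" + label for label in labels])


def simple_bind_credentials(address: str, password: str) -> tuple:
    """Return (dn, password) for a simple bind; refuse empty passwords."""
    if not password:
        # A DN with an empty password is an "unauthenticated bind"
        # (RFC 4513, section 5.1.2), which a server may report as success.
        raise ValueError("empty password refused")
    return email_to_bind_dn(address), password


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the original post.
    for addr in ("alice@mail.example.com", "a,ou=admins@example.org"):
        print(simple_bind_credentials(addr, "constructed-password")[0])
```

The returned pair is what a caller would hand to its LDAP client's simple bind; the domain check rejects any label that could smuggle extra RDNs into the `dc=` part.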
