multiple instances of saslauthd

Dan White dwhite at
Mon Mar 22 18:37:26 EDT 2010

On 22/03/10 17:26 +0000, Purahoo, Krishan wrote:
> Hi all,
>         I am trying to authenticate against multiple Active Directory
> servers from openldap.
> I have started multiple (two) saslauthd servers and can use  
> testsaslauthd to successfully authenticate against any of
> my two AD (Active Directory) servers.
> I start my two saslauthd servers, as
> saslauthd -m /var/run/saslauthda -a ldap -O /etc/saslauthd_a.conf -r
> saslauthd -m /var/run/saslauthdb -a ldap -O /etc/saslauthd_b.conf -r
> Using testsaslauthd, as follows works OK
> testsaslauthd -f /var/run/saslauthd_a/mux -u joe at -p xxx
> testsaslauthd -f /var/run/saslauthd_b/mux -u jill at -p xxx
> I can't seem to be able to configure openldap to authenticate against
> both AD servers. I can authenticate against one at a time.
> When I configure /etc/sasl2/slapd.conf with the following lines
> mech_list: plain
> pwcheck_method: saslauthd
> saslauthd_path: /var/run/saslauth_a/mux

I'm not aware of a way to reference two saslauthd paths that way.

The ldap_servers parameter in the saslauthd ldap config accepts multiple
ldap servers, but I assume that doesn't work the way you need it to.

You can have multiple pwcheck_methods, which should work, but isn't a very
clean solution.

For authentication to the first server, you could you saslauthd, and for
authentication to the second server, you could do one of:

   auxprop using the giengerldap plugin - ldapdb probably won't work with active

   authdaemon (courier) using it's pam config, which in turn uses one of
pamldap/nssldap/nssov/nss-ldapd (I'm not sure which of these may work with
Active Directory)

Dan White

More information about the Cyrus-sasl mailing list