sasl auth against Active Directory

Howard Chu hyc at
Wed Mar 31 04:34:22 EDT 2010

Geoff wrote:
> Le 31/03/2010 05:03, Dan White a écrit :
>> I was able to configure saslauthd to work against a Windows 2003 Standard
>> [...]
>> I had to play around a bit with an ldapsearch command to find out what
>> Active Directory wanted for a dn:
>> ldapsearch -x -H ldap:// -D Administrator at -w
>> secret -b OU=Users,OU=BTC,dc=example,dc=com
> Al right, thanks Dan, then I believe I am right with my settings in
> saslauthd. An ldap search is successful with these settings.
> I'm wondering if the IT gave me the right access on AD...
> The ldap search is not returning any userPassword or unicodePwd field
> (AD equivalent of ldap userPassword as I found on the web).
> Should an ldap search return one of these field if I had sufficient access?

No, ActiveDirectory never returns this information through LDAP.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP

More information about the Cyrus-sasl mailing list