ldap_saslauthd gssapi sasl indirect bind

Stephen Ingram sbingram at gmail.com
Mon Mar 28 18:33:04 EDT 2011


Instead of just setting the Cyrus SASL options to use kerberos5 mech,
I'm trying to use the ldap mech and then perform a SASL bind to the
directory. This is so I can hopefully support either a uid or mail
attribute login. As I keep receiving an "authentication failed" error,
I'm guessing this might not be directly possible using saslauthd. Does
it only support a direct bind as the user attempting to authenticate,
or can it support a bind to LDAP as an administrative user who then
performs a search for the login user DN? For example, here is
saslauthd.conf:

ldap_auth_method: bind
ldap_use_sasl: yes
ldap_mech: GSSAPI
ldap_realm: 4TEST.NET
ldap_id: admin
ldap_servers: ldap://ldap3.4test.net
ldap_search_base: dc=4test,dc=net
ldap_filter: (|(uid=%u)(mail=%u))

Steve

