saslauthd patch for the bind-like method with SASL

IKEDA Yasuyuki devld at ikedam.jp
Sun Nov 4 08:51:37 EST 2012


Hello all.

I wrote the attached patch to work with the following case.
How about merging this patch into the cyrus-sasl source tree?

When you use the SASL authentication with LDAP, you specify
the attribute used as a user ID in the LDAP server configuration
(for example, sasl-regexp in OpenLDAP).

In my case, the user ID a user enters is not the attribute
specified as SASL authentication user ID: a user enters
his or her mail user name, but the LDAP server accepts
only employee IDs for the SASL authentication (and could not
configure the LDAP server to use mail user names as SASL
authentication ID for some reasons).

To work with the above case, my patched saslauthd authenticates
a user as follows:

1. First, binds to the LDAP server with ldap_id or ldap_bind_dn.
2. Searches for the user object to authenticate,
   with the ID the user entered.
3. Retrieves the attribute in the user object, which can be used
   for the SASL authentication.
4. Binds with the retrieved SASL user ID and the password
   the user entered.

This works like the bind method does, but can be used with SASL.
I'm happy if I can use this feature in the upstream cyrus-sasl.

-- 
IKEDA Yasuyuki <devld at ikedam.jp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-sasl-2.1.25-saslbind.patch
Type: application/octet-stream
Size: 6184 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20121104/61368739/attachment.obj 
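
The search in step 2 places the ID the user typed into an LDAP filter, and step 3 decides which identity the password is tested against in step 4. The C code below is an added example, not part of the original post or of the attached patch; the helper names, the `mail` attribute and the sample logins are assumptions. It escapes the entered ID per RFC 4515 and lets the step-4 bind proceed only when the search returned exactly one entry with a non-empty SASL ID.

```c
#include <stdio.h>
#include <string.h>
/* RFC 4515 escaping for a value placed in an LDAP search filter:
 * '*', '(', ')', '\' and NUL become \XX. Returns the escaped length,
 * or -1 if the output buffer is too small. */
int filter_escape(const char *in, size_t in_len, char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_size == 0) return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        if (o + (special ? 3 : 1) >= out_size) return -1; /* room for NUL */
        if (special) {
            out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Step 2 (hypothetical helper): build "(attr=<escaped login>)". */
int build_user_filter(const char *attr, const char *login, char *out, size_t out_size)
{
    char esc[256];
    if (filter_escape(login, strlen(login), esc, sizeof esc) < 0) return -1;
    int n = snprintf(out, out_size, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= out_size) ? -1 : n;
}

/* Step 3 (hypothetical helper): values[i] is the SASL ID attribute of the i-th
 * search result, NULL if absent. Zero, several or empty matches all fail. */
const char *select_sasl_id(const char *const *values, size_t n_entries)
{
    if (n_entries != 1 || values[0] == NULL || values[0][0] == '\0') return NULL;
    return values[0];
}

int main(void)
{
    const char *logins[] = { "alice", "*)(uid=*" };   /* constructed inputs */
    char filter[512];
    for (size_t i = 0; i < 2; i++)
        if (build_user_filter("mail", logins[i], filter, sizeof filter) > 0)
            printf("%s -> %s\n", logins[i], filter);
    return 0;
}
```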