SASL Ldap Group Filter Request

David Faller d.faller at live.de
Sat Jun 20 03:33:38 EDT 2020


Dear all,
we want to add LDAP group filtering to saslauthd.conf.

As I understand it, saslauthd can check the groups listed under an OU that are linked to the users who should have access, or, instead of searching for groups, it is possible to specify a single group.

Here's my configuration:

ldap_servers: ldap://ddcl001.company-group.dir
ldap_search_base: dc=company-group,dc=dir
#ldap_filter: sAMAccountName=%U
ldap_filter: userPrincipalName=%u

#ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: cn=Administrator,cn=Users,dc=company-group,dc=dir
ldap_bind_pw: ********
ldap_scope: sub
ldap_debug: -1



# Group Check Test
#ldap_group_search_base: ou=groups,ou=Exchange,DC=company-group,DC=dir
#ldap_group_attr: sAMAccountName
#ldap_group_match_method: filter
#ldap_group_filter: (sAMAccountName=%U)
#ldap_group_scope: sub
#ldap_size_limit: 0

#ldap_verbose: on


I don't know if the Samba AD DC stores the attribute memberUid; with this one, authentication was also not working. Without the group check, saslauthd works fine.


Some help here at this point would be fine,

Best Regards,
David Faller
