saslauthd with ldap

Igor Brezac igor at ipass.net
Mon Apr 5 17:26:44 EDT 2004


On Mon, 5 Apr 2004, Adi Linden wrote:

> > > I am attempting to authenticate using saslauthd and ldap. Somehow this isn't
> > > working. How do I need to configure saslauthd.conf to have saslauthd bind
> > > to the ldap server with the username and password of the user to
> > > authenticate?
> >
> > ldap_servers: ldapi:///
> > ldap_auth_method: bind
> > ldap_bind_dn: <your bind dn>
> > ldap_password: <your bind pw>
> > ldap_filter: uid=%u  # Modify to accommodate your env
> > ldap_search_base: <your search base>
>
> I don't quite understand, this binds to the ldap server to retrieve the
> password.

No.  It retrieves the user's DN.

> What I would like to do is bind as the user to authenticate.
> Example, if I run:
>
>     testsaslauthd -u someone -p example
>
> This would connect to the ldap server as uid=someone,dc-example,dc=com and
> authenticate with the example password. If the bind succeeds the
> user/password pair is valid and if it fails the user/password pair is
> false. This is how all of our other services are set up that use ldap for
> authentication.

I guess you did not read the link I provided earlier.  ;(

The example above does exactly that.  saslauthd will find the DN for 'someone'
and it will use that DN to bind to the ldap server along with the password
provided to saslauthd.

If all your users have DNs that look like uid=someone,dc-example,dc=com,
you can use the following saslauthd.conf:

ldap_servers: ldapi:///
ldap_auth_method: fastbind
ldap_filter: uid=%u,dc-example,dc=com

-- 
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
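
Added example, not part of the original message and not saslauthd's own code: a simplified Python model of the two ldap_auth_method flows discussed above, showing that "bind" finds the user's DN by search before binding as the user, while "fastbind" only works when every DN matches the template. The in-memory directory, DNs, passwords and function names are constructed for illustration.

```python
import hmac

# Constructed sample directory: DN -> (attributes, password). Not real data.
DIRECTORY = {
    "cn=saslauthd,dc=example,dc=com": ({"cn": "saslauthd"}, "svc-secret"),
    "uid=someone,ou=people,dc=example,dc=com": ({"uid": "someone"}, "example"),
    "uid=flat,dc=example,dc=com": ({"uid": "flat"}, "pw2"),
}

def simple_bind(dn, password):
    """Model of an LDAP simple bind: True only if the DN exists and the password matches."""
    if not password:  # an empty password is an unauthenticated bind (RFC 4513), never a login
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and hmac.compare_digest(entry[1].encode(), password.encode())

def search(base, filt):
    """Return DNs under base matching a single 'attr=value' equality filter."""
    attr, _, value = filt.partition("=")
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if dn.endswith("," + base) and attrs.get(attr) == value]

def auth_bind(user, password, conf):
    """ldap_auth_method: bind -> service bind, search for the DN, then bind as the user."""
    if not simple_bind(conf["ldap_bind_dn"], conf["ldap_password"]):
        return False
    hits = search(conf["ldap_search_base"], conf["ldap_filter"].replace("%u", user))
    # The user's password is checked by the directory via the second bind;
    # it is never read back by the service account.
    return len(hits) == 1 and simple_bind(hits[0], password)

def auth_fastbind(user, password, conf):
    """ldap_auth_method: fastbind -> build the DN from ldap_filter and bind directly."""
    return simple_bind(conf["ldap_filter"].replace("%u", user), password)

BIND_CONF = {
    "ldap_bind_dn": "cn=saslauthd,dc=example,dc=com",
    "ldap_password": "svc-secret",
    "ldap_filter": "uid=%u",
    "ldap_search_base": "dc=example,dc=com",
}
FASTBIND_CONF = {"ldap_filter": "uid=%u,dc=example,dc=com"}

if __name__ == "__main__":
    for user, pw in [("someone", "example"), ("flat", "pw2"), ("someone", "")]:
        print(user, "bind:", auth_bind(user, pw, BIND_CONF),
              "fastbind:", auth_fastbind(user, pw, FASTBIND_CONF))
```

In this model 'someone' lives under ou=people, so only the search-then-bind flow authenticates that account; 'flat' matches the template and passes both.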




More information about the Info-cyrus mailing list