saslauthd filter
John Wade
jwade at oakton.edu
Mon Aug 16 13:02:29 EDT 2004
Hi Adi,
The trick is that your filter must be a complete ldap filter to find the
user. This is documented somewhere in the saslauthd ldap documentation.
The default filter is:
ldap_filter: (cn=%U)
Where %U represents the case-unchanged version of the username, i.e. if I
am "JWade at oakton.edu" it would be "JWade". Note that we use %u, which
converts to lower case.
Just add your other attributes using the appropriate LDAP syntax:
ldap_filter: (&(cn=%U)(!(myNewUser=true)))
This one means CN equals username and myNewUser is not equal to true. Be
careful with undefined values: if myNewUser is not a mandatory attribute, you
will not retrieve any users for whom it is not defined using the syntax above.
There is a relatively simple way to construct a filter that works properly
with undefined values. For example, we use the following to search for
users whose "login disabled" property is either undefined or FALSE: (This
is from a perl script, not saslauthd.conf.)
$filter="(&(cn=$username)(objectclass=user)(passwordExpirationTime=*)(|(loginDisabled=FALSE)(!(logindisabled=*))))";
When in doubt, do a google search for ldap filter syntax and find some good
examples.
Hope this helps,
John
Adi Linden wrote:
> Hi,
>
> I am using saslauthd to control access to a mail server running SMTP
> AUTH. Can I check for the existence or lack of existence of an LDAP
> attribute using saslauthd?
>
> Here is what I have in /etc/saslauthd.conf now:
>
> ldap_auth_method: bind
> ldap_servers: ldap://172.28.1.22
> ldap_search_base: ou=people,dc=example,dc=ca
> ldap_use_sasl: no
> ldap_method: simple
>
> If I add a line such as:
>
> ldap_filter: myNewUser=true
>
> I would have expected the authentication to succeed if the user has the
> myNewUser attribute set to true. That doesn't work, that's my first
> problem. The second problem is that once this is working I need to invert
> the meaning in the sense that users with myNewUser=true should not
> authenticate...
>
> Thanks,
> Adi
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list
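
Added example, not part of the original thread and not the poster's code: the Perl line in the reply interpolates $username directly into the filter, and the ldap_filter value in the question was not a parenthesised filter. The Python below (the function names escape_filter_value, is_complete_filter and build_login_filter are hypothetical) escapes the username per RFC 4515 before building the same filter and checks that a filter string is one complete, balanced group.

```python
# Added example (not from the original post): RFC 4515 escaping and a
# structural completeness check for LDAP search filters.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot add wildcards or clauses to a filter."""
    # Character-by-character mapping avoids double-escaping the backslash.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_complete_filter(text: str) -> bool:
    """True if text is a single parenthesised group with balanced parentheses.

    Structural check only; it does not validate attribute names or operators.
    """
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Reaching depth 0 before the last character means the outer
            # group closed early and something trails it, e.g. "(a=1)(b=2)".
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0


def build_login_filter(username: str) -> str:
    """The filter from the Perl script in the post, with the username escaped."""
    user = escape_filter_value(username)
    return (
        f"(&(cn={user})(objectclass=user)(passwordExpirationTime=*)"
        "(|(loginDisabled=FALSE)(!(logindisabled=*))))"
    )


if __name__ == "__main__":
    # The two ldap_filter values from the thread, then a constructed username.
    for candidate in ("myNewUser=true", "(&(cn=%U)(!(myNewUser=true)))"):
        print(candidate, "->", is_complete_filter(candidate))
    print(build_login_filter("j*(wade)"))
```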