saslauthd filter

Igor Brezac igor at ipass.net
Mon Aug 16 12:46:28 EDT 2004


On Mon, 16 Aug 2004, Adi Linden wrote:

> Hi,
>
> I am using saslauthd to control access to a mail server running SMATP
> AUTH. Can I check for the existance or lack of existance of a ldap
> attribute using saslauthd?
>
> Here is what I have in /etc/saslauthd.conf now:
>
> ldap_auth_method: bind
> ldap_servers: ldap://172.28.1.22
> ldap_search_base: ou=people,dc=example,dc=ca
> ldap_use_sasl: no

> ldap_method: simple
   ^^^^^^^^^^^
This is an invalid param

> If I add a line such as:
>
> ldap_filter: myNewUser=true

You need to use
ldap_filter: (&(uid=%u)(myNewUser=true))

>
> I would have expected the authentication to succeed if the user has the
> myNewUser attribute set to true. That doesn't work, that's my first
> problem. The second problem is that once this is working I need to invert
> the meaning in the sense that users with myNewUser=true should not
> authenticate...

Try
ldap_filter: (&(uid=%u)(!(myNewUser=true)))

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list