saslauthd and multiple dc levels

Dan White dwhite at
Tue Dec 23 09:50:07 EST 2014

On 12/23/14 15:22 +0100, Gabriele Bulfon wrote:
>I recently stumbled upon this issue, where I can't find a solution.
>Same cyrus/sasl server, serving multiple 2 level domains (dc=domain,dc=com).
>Sasl configuration is like:
>ldap_search_base: ou=People,dc=%2,dc=%1
>ldap_filter: uid=%u
>Enter a new domain, but this time it's a 3 level one (dc=dpt,dc=domain,dc=com).
>Sasl configuration should be like:
>ldap_search_base: ou=People,dc=%3,dc=%2,dc=%1
>ldap_filter: uid=%u
>How can I let saslauthd support both configurations?

Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more
flexible way to handle this scenario. Within saslauthd's ldap config, use
'ldap_use_sasl' without specifying a search filter or base.

Within slapd, your regex rules could perform a subtree search, or a simple
string replacement for each domain. See and slapd-config(5).

Dan White

More information about the Info-cyrus mailing list