saslauthd and multiple dc levels
Dan White
dwhite at olp.net
Tue Dec 23 09:50:07 EST 2014
On 12/23/14 15:22 +0100, Gabriele Bulfon wrote:
>Hi,
>I recently stumbled upon this issue, where I can't find a solution.
>Same cyrus/sasl server, serving multiple 2 level domains (dc=domain,dc=com).
>Sasl configuration is like:
>ldap_search_base: ou=People,dc=%2,dc=%1
>ldap_filter: uid=%u
>Enter a new domain, but this time it's a 3 level one (dc=dpt,dc=domain,dc=com).
>Sasl configuration should be like:
>ldap_search_base: ou=People,dc=%3,dc=%2,dc=%1
>ldap_filter: uid=%u
>How can I let saslauthd support both configurations?
Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more
flexible way to handle this scenario. Within saslauthd's ldap config, use
'ldap_use_sasl' without specifying a search filter or base.
Within slapd, your regex rules could perform a subtree search, or a simple
string replacement for each domain. See
http://www.openldap.org/doc/admin24/sasl.html and slapd-config(5).
--
Dan White
More information about the Info-cyrus
mailing list