saslauthd and multiple dc levels

Dan White dwhite at olp.net
Tue Dec 23 09:50:07 EST 2014


On 12/23/14 15:22 +0100, Gabriele Bulfon wrote:
>Hi,
>I recently stumbled upon this issue, where I can't find a solution.
>Same cyrus/sasl server, serving multiple 2 level domains (dc=domain,dc=com).
>Sasl configuration is like:
>ldap_search_base: ou=People,dc=%2,dc=%1
>ldap_filter: uid=%u
>Enter a new domain, but this time it's a 3 level one (dc=dpt,dc=domain,dc=com).
>Sasl configuration should be like:
>ldap_search_base: ou=People,dc=%3,dc=%2,dc=%1
>ldap_filter: uid=%u
>How can I let saslauthd support both configurations?

Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more
flexible way to handle this scenario. Within saslauthd's ldap config, use
'ldap_use_sasl' without specifying a search filter or base.

Within slapd, your regex rules could perform a subtree search, or a simple
string replacement for each domain. See
http://www.openldap.org/doc/admin24/sasl.html and slapd-config(5).

-- 
Dan White
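
The per-domain string-replacement approach suggested above, as an added example that is not part of the original post or of OpenLDAP: a Python dry run of two constructed authz-regexp rules against SASL identities of the form uid=<user>,cn=<realm>,cn=<mech>,cn=auth. The rule patterns, user names and realms are assumptions, and Python's re only approximates slapd's POSIX regex matching and DN normalization.

```python
import re

# Constructed rules in slapd's "<match> <replace>" form (assumptions, not from
# the post). slapd uses the first rule that matches, so order matters in general;
# here the two cannot overlap because a realm label excludes '.' and ','.
USER = r"([a-z0-9._-]+)"
LABEL = r"([a-z0-9-]+)"
AUTHZ_RULES = [
    # 3-level realm, e.g. dpt.domain.com
    (rf"^uid={USER},cn={LABEL}\.{LABEL}\.{LABEL},cn=[^,]+,cn=auth$",
     "uid=$1,ou=People,dc=$2,dc=$3,dc=$4"),
    # 2-level realm, e.g. domain.com
    (rf"^uid={USER},cn={LABEL}\.{LABEL},cn=[^,]+,cn=auth$",
     "uid=$1,ou=People,dc=$2,dc=$3"),
]


def map_sasl_identity(sasl_dn, rules=AUTHZ_RULES):
    """Return the entry DN produced by the first matching rule, or None."""
    for pattern, replacement in rules:
        m = re.match(pattern, sasl_dn)
        if m:
            # Expand $1..$9 with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None  # no rule matched: the identity stays unmapped


def as_ldif(rules=AUTHZ_RULES):
    """Render the rules as ordered olcAuthzRegexp values for cn=config."""
    return [f"olcAuthzRegexp: {{{i}}}{m} {r}" for i, (m, r) in enumerate(rules)]


if __name__ == "__main__":
    # Constructed sample identities, lowercase as slapd would present them.
    samples = [
        "uid=alice,cn=domain.com,cn=digest-md5,cn=auth",
        "uid=alice,cn=dpt.domain.com,cn=digest-md5,cn=auth",
        "uid=alice,cn=digest-md5,cn=auth",  # no realm: stays unmapped
    ]
    for dn in samples:
        print(dn, "->", map_sasl_identity(dn))
    print("\n".join(as_ldif()))
```

Anchoring the patterns and restricting the user and realm character classes keeps an unexpected identity from mapping to an entry outside ou=People; anything that does not fit is left unmapped.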

