
Re: SASL + LDAP



On 13/04/10 13:38 +0200, Giovanni Malfarà wrote:
> I have the following /etc/saslauthd.conf
>
> ldap_server: ldap://"my server address" :389
> ldap_bind_dn: cn=Manager,dc=mycompany,dc=it
> ldap_search_base: ou=People,dc=mycompany,dc=it
> ldap_filter: (objectClass=inetOrgPerson)
> ldap_use_sasl: yes
> ldap_bind_pw: "my passwd in SSHA"
> ldap_auth_method: bind

From LDAP_SASLAUTHD:

ldap_bind_pw: <none>
        Alias for ldap_password.

ldap_password: <none>
        Specify the password for ldap_bind_dn or ldap_id if
        ldap_use_sasl is turned on.  Do not specify this parameter for the
        anonymous bind.

Which implies that you need to use an ldap_id rather than ldap_bind_dn,
when using ldap_use_sasl.

Also:

ldap_auth_method: <bind|fastbind> <bind|custom|fastbind>
        Specify an authentication method.

    The bind method uses the LDAP bind facility to verify the password.
    The bind method is not available when ldap_use_sasl is turned on.
    In that case saslauthd will use fastbind.

So assuming you don't want to use the custom method, your config looks
like:

ldap_servers: ldap://ldap.example.net/
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

Or whatever mech you want to use. The fastbind auth method appears to just
do a sasl bind with the credentials supplied by the user.

> ldap_verbose: on
> ldap_debug: 10
> ldap_version: 3

Interesting. ldap_debug is in the source but not documented in
LDAP_SASLAUTHD. Works great.

--
Dan White
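
The two LDAP_SASLAUTHD rules quoted in this reply, written as a configuration check. This is an added example, not part of the original message or of Cyrus SASL: the function names, the accepted "on" spellings and the `#` comment handling are assumptions, and the sample is constructed from the configuration quoted above with placeholders for the server and password.

```python
# Constructed sample: the configuration quoted in the message, with the
# server address and password replaced by placeholders.
SAMPLE = """\
ldap_server: ldap://ldap.example.net:389
ldap_bind_dn: cn=Manager,dc=mycompany,dc=it
ldap_search_base: ou=People,dc=mycompany,dc=it
ldap_filter: (objectClass=inetOrgPerson)
ldap_use_sasl: yes
ldap_bind_pw: PLACEHOLDER
ldap_auth_method: bind
"""

ALIASES = {"ldap_bind_pw": "ldap_password"}  # alias, per the LDAP_SASLAUTHD excerpt
TRUE_VALUES = {"yes", "on", "true", "1"}     # assumption: accepted "on" spellings


def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments (assumed syntax)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            key = key.strip()
            opts[ALIASES.get(key, key)] = value.strip()
    return opts


def lint(opts):
    """Return (option, message) findings for the two ldap_use_sasl rules."""
    findings = []
    if opts.get("ldap_use_sasl", "no").lower() not in TRUE_VALUES:
        return findings
    if "ldap_bind_dn" in opts and "ldap_id" not in opts:
        findings.append(("ldap_bind_dn",
                         "ldap_use_sasl is on: use ldap_id rather than ldap_bind_dn"))
    if opts.get("ldap_auth_method", "").lower() == "bind":
        findings.append(("ldap_auth_method",
                         "bind is not available with ldap_use_sasl; fastbind is used"))
    return findings


if __name__ == "__main__":
    for option, message in lint(parse_conf(SAMPLE)):
        print(f"{option}: {message}")
```
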
