George Forman wrote:
> Based on my testing of saslauthd using ldap for authentication, the bind and the fastbind configurations don't support my needs. It appears that in the bind method, an anonymous bind is first completed, then an LDAP search is requested looking for the user's DN. Once the DN is returned, a second simple bind request is sent using the user's DN, uid and password. I tried the fastbind but it seemed to try to bind using the password specified in saslauthd.conf and then did an LDAP search. If I remove the ldap_bind_pw, it does an anonymous bind which doesn't meet my requirements. I need to do a simple LDAP bind using the user's credentials and the password provided.
saslauthd cannot do an LDAP Simple Bind until it has mapped the user's name to an LDAP DN. So it always needs to do a search first, to perform this mapping.
> Is creating a new plugin my best option?
Is there a specific reason you need to use saslauthd? Does your LDAP server support SASL authentication? If so, try using the ldapdb auxprop instead.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
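
The search-then-bind sequence discussed in this thread, laid out as a saslauthd.conf for the `bind` method. This is an added example, not configuration posted by either participant; the host name, DNs, password and file paths are constructed placeholders.

```conf
# saslauthd.conf - constructed example; the file location depends on the build
# TLS first: the simple bind in step 3 carries the user's password in clear text.
ldap_servers: ldap://ldap.example.com/
ldap_start_tls: yes
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/example-ca.pem

# Step 1: the bind used for the lookup. With ldap_bind_dn and ldap_bind_pw
# unset this bind is anonymous; a dedicated read-only account avoids that.
ldap_bind_dn: cn=saslauthd,ou=services,dc=example,dc=com
ldap_bind_pw: CHANGE-ME

# Step 2: the search that maps the login name (%u) to the user's DN.
ldap_search_base: ou=people,dc=example,dc=com
ldap_scope: sub
ldap_filter: (uid=%u)

# Step 3: simple bind as the DN found in step 2, with the password supplied.
ldap_auth_method: bind
```

Because the file holds the lookup account's password, keep it readable only by the account saslauthd runs as.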