On 13/04/10 13:38 +0200, Giovanni Malfarà wrote:
> I have the following /etc/saslauthd.conf
>
> ldap_server: ldap://"my server address" :389
> ldap_bind_dn: cn=Manager,dc=mycompany,dc=it
> ldap_search_base: ou=People,dc=mycompany,dc=it
> ldap_filter: (objectClass=inetOrgPerson)
> ldap_use_sasl: yes
> ldap_bind_pw: "my passwd in SSHA"
> ldap_auth_method: bind

from LDAP_SASLAUTHD:

  ldap_bind_pw: <none>
      Alias for ldap_password.

  ldap_password: <none>
      Specify the password for ldap_bind_dn or ldap_id if ldap_use_sasl is
      turned on. Do not specify this parameter for the anonymous bind.

Which implies that you need to use an ldap_id rather than ldap_bind_dn,
when using ldap_use_sasl. Also:

  ldap_auth_method: <bind|fastbind> <bind|custom|fastbind>
      Specify an authentication method. The bind method uses the LDAP bind
      facility to verify the password. The bind method is not available when
      ldap_use_sasl is turned on. In that case saslauthd will use fastbind.

So assuming you don't want to use the custom method, your config looks like:

  ldap_servers: ldap://ldap.example.net/
  ldap_use_sasl: yes
  ldap_mech: DIGEST-MD5

Or whatever mech you want to use. The fastbind auth method appears to just
do a SASL bind with the credentials supplied by the user.

> ldap_verbose: on
> ldap_debug: 10
> ldap_version: 3

Interesting. ldap_debug is in the source but not documented in
LDAP_SASLAUTHD. Works great.

-- 
Dan White
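
Added example, not part of the original messages and not code from the Cyrus SASL project: a small Python check that parses a saslauthd.conf and flags the option combinations discussed in the reply above. The sample configuration is constructed from the one quoted in the thread, with a placeholder host and password; the function names, the accepted spellings of "yes" and the hashed-password pattern are assumptions of this example.

```python
import re

# Constructed sample mirroring the configuration quoted in the thread;
# the host name and the password value are placeholders.
SAMPLE = """\
ldap_server: ldap://ldap.example.net:389
ldap_bind_dn: cn=Manager,dc=mycompany,dc=it
ldap_search_base: ou=People,dc=mycompany,dc=it
ldap_filter: (objectClass=inetOrgPerson)
ldap_use_sasl: yes
ldap_bind_pw: {SSHA}PLACEHOLDER
ldap_auth_method: bind
"""

ALIASES = {"ldap_bind_pw": "ldap_password"}  # alias per LDAP_SASLAUTHD
ENABLED = {"yes", "on", "true", "1"}  # assumed spellings of an enabled switch


def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            key = key.strip()
            conf[ALIASES.get(key, key)] = value.strip()
    return conf


def lint(conf):
    """Return warnings for the combinations the reply calls out."""
    warnings = []
    sasl = conf.get("ldap_use_sasl", "no").lower() in ENABLED
    if "ldap_server" in conf and "ldap_servers" not in conf:
        warnings.append("ldap_server: the reply's config spells this key ldap_servers")
    if sasl and conf.get("ldap_auth_method", "").lower() == "bind":
        warnings.append("ldap_auth_method: bind is not available with ldap_use_sasl; fastbind is used")
    if sasl and "ldap_bind_dn" in conf and "ldap_id" not in conf:
        warnings.append("ldap_bind_dn: with ldap_use_sasl the reply reads the docs as needing ldap_id")
    # Assumed pattern for a hashed value such as {SSHA}...; the docs ask for the password itself.
    if re.match(r"\{[A-Za-z0-9-]+\}", conf.get("ldap_password", "")):
        warnings.append("ldap_password: value looks like a hash, not the password")
    return warnings


if __name__ == "__main__":
    for warning in lint(parse_conf(SAMPLE)):
        print("WARN", warning)
```
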