Dan White wrote: > ldap_servers: ldap://192.168.2.1/ > ldap_use_sasl: yes > ldap_mech: DIGEST-MD5 > > Assuming you can figure out how to do an LDAP sasl bind against Active > Directory, which I haven't been able to do with a non GSSAPI sasl mech. It's definitely possible to do LDAP SASL bind with DIGEST-MD5 with MS AD. But my own tests showed that for some reason you have to 1. use the host name instead of an IP address and 2. make sure that there are correct PTR RRs in DNS for your MS AD DC. Ciao, Michael.