Hello all. I wrote an attached patch to work with the following case. How about merging this patch into the cyrus-sasl source tree?

When you use SASL authentication with LDAP, you specify the attribute used as a user ID in the LDAP server configuration (for example, sasl-regexp in OpenLDAP). In my case, the user ID a user enters is not the attribute specified as the SASL authentication user ID: a user enters his or her mail user name, but the LDAP server accepts only employee IDs for SASL authentication (and I could not configure the LDAP server to use mail user names as the SASL authentication ID for some reasons).

To work with the above case, my patched saslauthd authenticates a user as follows:

1. First, binds to the LDAP server with ldap_id or ldap_bind_dn.
2. Searches for the user object to authenticate, with the ID the user entered.
3. Retrieves the attribute in the user object which can be used for SASL authentication.
4. Binds with the retrieved SASL user ID and the password the user entered.

This works like the bind method does, but can be used with SASL. I'm happy if I can use this feature in the upstream cyrus-sasl.

-- 
IKEDA Yasuyuki <devld@xxxxxxxxx>
Attachment:
cyrus-sasl-2.1.25-saslbind.patch
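As an added illustration (not part of the post or of the attached patch), here is what the two configuration halves of this scenario could look like: a saslauthd.conf that binds over SASL and looks the user up by mail name, plus the OpenLDAP sasl-regexp that maps the SASL authentication ID (an employee ID) to a DN. The option naming the attribute to retrieve is a placeholder, since the patch's actual option name is not shown in the post; hostnames, DNs, attribute names and the filter are assumptions.

```conf
# /etc/saslauthd.conf (constructed example, not from the patch)
ldap_servers: ldap://ldap.example.com/
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

# Step 1: service identity for the initial bind, either a SASL id ...
ldap_id: saslauthd
ldap_password: <service-password>
# ... or a simple-bind DN instead. This identity only needs read access
# to the lookup attribute below; it does not need the users' passwords.
# ldap_bind_dn: cn=saslauthd,ou=services,dc=example,dc=com
# ldap_bind_pw: <service-password>

# Step 2: find the entry by the name the user actually typed (%u)
ldap_search_base: ou=people,dc=example,dc=com
ldap_scope: sub
ldap_filter: (mail=%u@example.com)

# Step 3: attribute holding the SASL authentication id to bind as.
# PLACEHOLDER option name; the real key is defined by the attached patch.
ldap_sasl_id_attr: employeeNumber

# /etc/openldap/slapd.conf (server side, constructed example)
# Step 4: map the SASL authcid (the employee id) presented by saslauthd
# to the user's DN so the second bind checks that user's password.
sasl-regexp uid=(.*),cn=.*,cn=auth
    ldap:///ou=people,dc=example,dc=com??sub?(employeeNumber=$1)
```

The search in step 2 should be anchored to a base and filter narrow enough that one typed name resolves to at most one entry; if the filter can match several, the lookup should be treated as a failure rather than binding as the first hit.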