Hello Dan, On Tue, Dec 23, 2014 at 08:50:07AM -0600, Dan White wrote: > On 12/23/14 15:22 +0100, Gabriele Bulfon wrote: > >Hi, > >I recently stumbled upon this issue, where I can't find a solution. > >Same cyrus/sasl server, serving multiple 2 level domains (dc=domain,dc=com). > >Sasl configuration is like: > >ldap_search_base: ou=People,dc=%2,dc=%1 > >ldap_filter: uid=%u > >Enter a new domain, but this time it's a 3 level one (dc=dpt,dc=domain,dc=com). > >Sasl configuration should be like: > >ldap_search_base: ou=People,dc=%3,dc=%2,dc=%1 > >ldap_filter: uid=%u > >How can I let saslauthd support both configurations? > > Is the server OpenLDAP? If so, using olcAuthzRegexp would be a far more > flexible way to handle this scenario. Within saslauthd's ldap config, use > 'ldap_use_sasl' without specifying a search filter or base. > > Within slapd, your regex rules could perform a subtree search, or a simple > string replacement for each domain. See > http://www.openldap.org/doc/admin24/sasl.html and slapd-config(5). I don't understand how this works. ldap_use_sasl in saslauthd.conf tells saslauthd to contact OpenLDAP server via sasl protocol directly. Is this correct? And what happens then? How do saslauthd and slapd communicate and how is authentication performed? -- Met vriendelijke groeten, With kind regards, Mit freundlichen Gruessen, De jrus wah, Wiel ************************************* W.K. Offermans Powered by .... (__) \\\'',) \/ \ ^ .\._/_) www.FreeBSD.org ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
