A LDAP server can be used for plaintext password
checking by setting "pwcheck_method" to "ldap".
The following SASL options are used for LDAP Authentication:
- ldap_server: <LDAP Servers spearted by , [localhost]>
- ldap_basedn: <LDAP base dn>
- ldap_uidattr: <LDAP uid attribute [uid]>
- ldap_port: <LDAP port [389]>
- ldap_ssl: <yes/no/true/fasle> Use ssl (untested)
- ldap_filter_mode: <yes/no/true/fasle> Use the filter below
- ldap_filter: <Additional search filter
[(objectClass=posixAccount)]>
- ldap_bind_dn: <DN to bind with [NULL]>
- ldap_bind_pw: <Password for DN to bind with [NULL]>
- ldap_alias_deref: <n|s|f|a> n is default
It is a requirement that "ldap_basedn" be set to the appropriate
value for your site
(ex. ldap_basedn: o=surf, c=UK)
ldap_alias_deref: n = LDAP_DEREF_NEVER
s = LDAP_DEREF_SEARCHING
f = LDAP_DEREF_FINDING
a = LDAP_DEREF_ALWAYS
If you dont know what ldap alias is just leave this alone.
NULL values for ldap_dn and ldap_passwd mean do an anonymous bind
and search.
LDAP pwcheck_method created by Simon@su
rf.org.uk
The patch is also held at Source Forge Cyrus Utils
Search and filter ability for LDAP was added by Kevin J. Menard, Jr..
Mr Werner Dundler sent me a message about compiling on Solaris 8/gcc which
says:
compiling against the solaris ldap libs does not work -> use openldap.
if you don't have libtool, "aclocal" and m4 stuff screws up (configure
works).
using gcc you have to tweak makefiles so that solaris varargs.h is not
used - -Ipath for gcc varargs.
Hpoe this helps people
Older patches:
