Re: OpenLDAP authenticate the username/password with MS-AD?

On 20/07/10 11:00 +0600, OSHIM wrote:

anyone can clear to me about this line

To work, passwords for accounts will form OpenLDAP sasl) (account @ realm. These two parameters, account, and the kingdom shall be forwarded to saslauthd uses them in its LDAP filter to find the account in question.

That probably refers to a fully qualified username, such as 'jsmith@example.net'. I'm not sure that a SASL realm parameter can be passed using this method (sasl_checkpass).

Although saslauthd will support a fully qualified username if its backend does, AD does not seem to support it (or a SASL realm parameter even).