Also, if you're authenticating against AD, there are a few other things that can be simplified in that tutorial. First, add the "-r" option to the list of saslauthd(8) options so the username becomes foo@REALM.
After that you can have the following settings in your saslauthd.conf(5) file:
ldap_servers: ldaps://adldap1.ad.example.com ldaps://adldap2.ad.example.com ldap_tls_check_peer: no ldap_use_sasl: no ldap_auth_method: fastbind ldap_filter: %u
The "fastbind" skips the search of the directory, and simply tries to bind as username@REALM (which should map to users' AD principal because of "-r"). This also removes the need for a service account to do the initial bind-and-search.
On Sun, January 31, 2016 22:14, David Magda wrote:
Try editing your system-wide ldap.conf(5) file to have:
TLS_REQCERT never
“allow” should also work. Also make sure you have a valid setting for TLS_CACERT (and that the file actually exists and has some contents): if you tell LDAP software not to check validity, the cert path has to be there to be ignored.
On Jan 27, 2016, at 15:18, Timothy Keith timothy.g.keith@gmail.com wrote:
I am using this tutorial : Pass-Trough authentication with SASL http://ltb-project.org/wiki/documentation/general/sasl_delegation
Tim