Instead of just setting the Cyrus SASL options to use kerberos5 mech,
I'm trying to use the ldap mech and then perform SASL bind to the
directory. This is so I can hopefully support either a uid or mail
attribute login. As I keep receiving an "authentication failed" error,
I'm guessing this might not be directly possible using saslauthd. Does
it only support a direct bind as the user attempting to authenticate,
or can it support a bind to LDAP as an administrative user who then
performs a search for the login user DN? For example, here is
saslauthd.conf:

ldap_auth_method: bind
ldap_use_sasl: yes
ldap_mech: GSSAPI
ldap_realm: 4TEST.NET
ldap_id: admin
ldap_servers: ldap://ldap3.4test.net
ldap_search_base: dc=4test,dc=net
ldap_filter: (|(uid=%u)(mail=%u))

Steve
