Hi Adi, The trick is that your filter must be a complete ldap filter to find the user. This is documented somewhere in the saslauthd ldap documentation.
The default filter is: ldap_filter: (cn=%U) Where %U represents the case unchanged version of the username. i.e. if I am "[EMAIL PROTECTED]" it would be "JWade" Note that we use %u which converts to lower case. Just add your other attributes using the apropriate LDAP syntax: ldap_filter: (&(cn=%U)(!(myNewUser=true))) This one means CN equals username and myNewUser is not equal to true. Be careful with undefined values, if myNewUser is not a mandatory attribute, you will not retrieve any users for whom it is not defined using the syntax above There is a relatively simple way to construct a filter that works properly with undefined values. For example, we use the following to search for users whose "login disabled" property is either undefined or FALSE: (This is from a perl script, not saslauthd.conf.) $filter="(&(cn=$username)(objectclass=user)(passwordExpirationTime=*)(|(loginDisabled=FALSE)(!(logindisabled=*))))"; When in doubt, do a google search for ldap filter syntax and find some good examples. Hope this helps, John Adi Linden wrote: > Hi, > > I am using saslauthd to control access to a mail server running SMATP > AUTH. Can I check for the existance or lack of existance of a ldap > attribute using saslauthd? > > Here is what I have in /etc/saslauthd.conf now: > > ldap_auth_method: bind > ldap_servers: ldap://172.28.1.22 > ldap_search_base: ou=people,dc=example,dc=ca > ldap_use_sasl: no > ldap_method: simple > > If I add a line such as: > > ldap_filter: myNewUser=true > > I would have expected the authentication to succeed if the user has the > myNewUser attribute set to true. That doesn't work, that's my first > problem. The second problem is that once this is working I need to invert > the meaning in the sense that users with myNewUser=true should not > authenticate... > > Thanks, > Adi > > --- > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
