I'm working on a patch to add LDAP SASL support to Postfix 2.4 (I made one for 2.2/2.3 a long time ago), and this time I want it to be accepted upstream, so I'm working on what they feel the issues are.

Right now, they

(a) always want LDAP_SASL_QUIET enabled (makes perfect sense to me)
(b) want the SASL mechanism to be a list of mechanisms the client supports, that should be tried when connecting to the server.

I think (b) is rather nonsensical, given the configurations are rather different between things like DIGEST-MD5, EXTERNAL, and GSSAPI just to start, but...

I assume to support this I should use the ldap_sasl_interactive_bind_s function, which takes as a parameter a list of mechanisms, if I'm reading it right. The question to me comes up with mixing LDAP_SASL_QUIET in, because part of the routine involved with multiple mechanisms seems to want interaction with the client.

My assumption is that if I use ldap_sasl_interactive_bind_s, with LDAP_SASL_QUIET, and pass in a list of mechanisms, the client will just use the first mechanism in its list. Is that correct?


