How to use saslauthd with LDAP

Andreas Vögele edited this page Aug 17, 2022 · 1 revision

Create the configuration file /etc/saslauthd.conf.

touch /etc/saslauthd.conf
chmod 0600 /etc/saslauthd.conf

On Fedora, install the package cyrus-sasl and read the saslauthd(8) manual page for information on how to run the saslauthd daemon unprivileged as user saslauth. If you run it unprivileged, make the configuration file readable by the saslauth group instead:

touch /etc/saslauthd.conf
chgrp saslauth /etc/saslauthd.conf
chmod 0640 /etc/saslauthd.conf

Put your LDAP settings into /etc/saslauthd.conf.

ldap_servers: ldap://ad1.example.com ldap://ad2.example.com
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/certs/EXAMPLE-ADS-CA.pem
ldap_tls_check_peer: yes
ldap_search_base: OU=Users,DC=EXAMPLE,DC=COM
ldap_filter: (sAMAccountName=%U)
ldap_bind_dn: CN=saslauthd,OU=Managers,DC=EXAMPLE,DC=COM
ldap_password: secret
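Before enabling the service, a pre-flight check of the file created and filled in above, as an added example that is not part of cyrus-sasl or this page: it verifies the file mode (the file holds ldap_password in clear text, which is why the chmod steps matter) and that every ldap:// server is used with ldap_start_tls and ldap_tls_check_peer, since each login sends the user's password to the directory. The function names, the temporary directory and the two constructed sample files are this example's own.

```sh
#!/bin/sh
# Added example, not part of cyrus-sasl: sanity-check a saslauthd.conf before
# enabling the service. The file holds ldap_password in clear text and each
# login sends the user's password to the LDAP server, so check mode and TLS.

# Read the value of a "key: value" line from saslauthd.conf (last one wins).
conf_get() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1
}
# Print one WARN line per finding. Returns 0 if clean, 1 otherwise.
check_saslauthd_conf() {
  file=$1
  rc=0
  mode=$(stat -c %a "$file")
  case "$mode" in
    400|440|600|640) ;;
    *) echo "WARN: mode $mode lets other users read ldap_password"; rc=1 ;;
  esac
  start_tls=$(conf_get "$file" ldap_start_tls)
  for url in $(conf_get "$file" ldap_servers); do
    case "$url" in
      ldaps://*) ;;
      ldap://*) [ "$start_tls" = yes ] ||
        { echo "WARN: $url without ldap_start_tls sends passwords in clear"; rc=1; } ;;
      *) echo "WARN: unrecognised ldap_servers entry '$url'"; rc=1 ;;
    esac
  done
  [ "$(conf_get "$file" ldap_tls_check_peer)" = yes ] ||
    { echo "WARN: ldap_tls_check_peer is not yes, server certificate unverified"; rc=1; }
  return $rc
}

# Constructed sample configurations; the hosts are the placeholders from the page.
tmp=$(mktemp -d)
GOOD_CONF=$tmp/good.conf
WEAK_CONF=$tmp/weak.conf
cat >"$GOOD_CONF" <<'EOF'
ldap_servers: ldap://ad1.example.com ldap://ad2.example.com
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/certs/EXAMPLE-ADS-CA.pem
ldap_tls_check_peer: yes
ldap_search_base: OU=Users,DC=EXAMPLE,DC=COM
ldap_filter: (sAMAccountName=%U)
ldap_bind_dn: CN=saslauthd,OU=Managers,DC=EXAMPLE,DC=COM
ldap_password: secret
EOF
chmod 0600 "$GOOD_CONF"
printf 'ldap_servers: ldap://ad1.example.com\nldap_password: secret\n' >"$WEAK_CONF"
chmod 0644 "$WEAK_CONF"
```

Run it against the real file with `check_saslauthd_conf /etc/saslauthd.conf` (as a user allowed to read it); a non-zero exit means at least one WARN line was printed.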

On Debian and Ubuntu, install the package sasl2-bin and enable LDAP in /etc/default/saslauthd. Add system users that will communicate with saslauthd to the sasl group.

START=yes
MECHANISMS="ldap"
MECH_OPTIONS=""
OPTIONS="-c -m /run/saslauthd"

On Fedora, install the package cyrus-sasl and edit /etc/sysconfig/saslauthd.

MECH=ldap
FLAGS="-c"

On Mageia, install the package cyrus-sasl and edit /etc/sysconfig/saslauthd.

SASL_AUTHMECH=ldap
SASLAUTHD_OPTS="-c"

On openSUSE, install the package cyrus-sasl-saslauthd and edit /etc/sysconfig/saslauthd.

SASLAUTHD_AUTHMECH=ldap
SASLAUTHD_PARAMS="-c"

Enable and start the service.

sudo systemctl enable saslauthd.service
sudo systemctl restart saslauthd.service

Test your setup. Unsetting HISTFILE first keeps the password you type out of the shell history.

unset HISTFILE
sudo testsaslauthd -u $USER -p 'your password'