Using SASL with the tcllib ldap client

The current SASL support for the ldap client has been tested with OpenLDAP 2.3 and Cyrus SASL,
but is considered experimental.

The OpenLDAP slapd.conf file used for testing had the following entries to map the
SASL auth information; the actual SASL passwords were stored in the sasldb with the help
of saslpasswd2:

    # SASL Mappings
    #
    # $1 in the replacement URL is the uid captured by the regexp.

    sasl-host localhost
    sasl-realm ldap
    authz-regexp
        uid=([^,]+),(cn=[^,]+,)?cn=digest-md5,cn=auth
        ldap:///ou=SomeOU,dc=tcllib,dc=tcltk??one?(uid=$1)

    authz-regexp
        uid=([^,]+),(cn=[^,]+,)?cn=cram-md5,cn=auth
        ldap:///ou=SomeOU,dc=tcllib,dc=tcltk??one?(uid=$1)

A rather typical user of that server would be for example:

    cn=James Bond,ou=SomeOU,dc=tcllib,dc=tcltk
        objectClass  inetOrgPerson
        cn           James Bond
        sn           Bond
        uid          u007

Now you can SASL auth with the tcllib ldap client with the following
(ldap::bindSASL takes the connection handle as its first argument):

    package require ldap 1.6

    set handle [ldap::connect localhost]
    set auth [ldap::bindSASL $handle u007 "mollypenny"]
    if {$auth} {
        puts "Successfully bound with SASL"
    } else {
        puts "SASL bind failed"
    }

To find out your real authzId, you can then use the ldap::whoami command.

    puts "authzId: [ldap::whoami $handle]"
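As an added example (not part of the tcllib documentation or the ldap package itself), the following script wraps the bind in catch, since ldap::bindSASL raises a Tcl error when the SASL package is missing, no common mechanism is found, or the server rejects the credentials, and then compares the authzId reported by ldap::whoami with the DN that the authz-regexp mapping above is expected to produce. The host, user, password and expected DN are assumptions taken from the examples on this page; the "dn:" / "u:" prefix convention for the whoami result is the RFC 4532 authzId format.

```tcl
package require ldap 1.6

# Assumed values, taken from the examples on this page; adjust for your server.
set host       localhost
set user       u007
set password   "mollypenny"
# DN the authz-regexp in slapd.conf should map uid=u007 to (assumption).
set expectedDn "cn=James Bond,ou=SomeOU,dc=tcllib,dc=tcltk"

# Bind with SASL and confirm the server mapped the SASL identity to the
# expected directory entry. Returns 1 on success, 0 otherwise, and always
# closes the connection before returning.
proc checkSaslBind {host user password expectedDn} {
    set handle [ldap::connect $host]
    set ok 0
    # bindSASL raises an error if the SASL package is missing, no mechanism
    # is supported by both sides, or the server rejects the credentials.
    if {[catch {ldap::bindSASL $handle $user $password} result]} {
        puts "SASL bind failed: $result"
    } else {
        set authzId [ldap::whoami $handle]
        puts "authzId reported by server: $authzId"
        # RFC 4532: the authzId is "dn:<DN>" when the authz-regexp mapped the
        # SASL identity to an entry, or "u:<name>" if no mapping matched.
        if {[string equal -nocase $authzId "dn:$expectedDn"]} {
            set ok 1
        } else {
            puts "Unexpected identity; check the authz-regexp mapping in slapd.conf"
        }
        ldap::unbind $handle
    }
    ldap::disconnect $handle
    return $ok
}

if {[checkSaslBind $host $user $password $expectedDn]} {
    puts "SASL bind and identity mapping verified"
} else {
    exit 1
}
```

The identity comparison is the useful part: a successful bind only proves the password was accepted by the SASL layer, while the whoami result shows which directory entry the authz-regexp actually mapped that SASL user to, which is what the server's access controls will be applied against.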