Add more sasl LDAP config options

- SASLAUTHD_LDAP_PASSWORD_ATTR => ldap_password_attr
- SASLAUTHD_LDAP_AUTH_METHOD => ldap_auth_method
- SASLAUTHD_LDAP_MECH => ldap_mech

README.md

@@ -854,11 +854,31 @@ File containing CA (Certificate Authority) certificate(s).
 - e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))`
 - e.g. for openldap: `(&(uid=%U)(objectClass=person))`
 
+##### SASLAUTHD_LDAP_PASSWORD_ATTR
+
+Specify what password attribute to use for password verification.
+
+- **empty** => Nothing is added to the configuration but the documentation says it is `userPassword` by default.
+- Any value => Fills the `ldap_password_attr` option
+
 ##### SASL_PASSWD
 
 - **empty** => No sasl_passwd will be created
 - string => `/etc/postfix/sasl_passwd` will be created with the string as password
 
+##### SASLAUTHD_LDAP_AUTH_METHOD
+
+- **empty** => `bind` will be used as a default value
+- `fastbind` => The fastbind method is used
+- `custom` => The custom method uses userPassword attribute to verify the password
+
+##### SASLAUTHD_LDAP_MECH
+
+Specify the authentication mechanism for SASL bind.
+
+- **empty** => Nothing is added to the configuration
+- Any value => Fills the `ldap_mech` option
+
 #### SRS (Sender Rewriting Scheme)
 
 ##### SRS_SENDER_CLASSES

mailserver.env

@@ -356,10 +356,25 @@ SASLAUTHD_LDAP_TLS_CACERT_FILE=
 # Any value => Fills the `ldap_tls_cacert_dir` option
 SASLAUTHD_LDAP_TLS_CACERT_DIR=
 
+# Specify what password attribute to use for password verification.
+# empty => Nothing is added to the configuration but the documentation says it is `userPassword` by default.
+# Any value => Fills the `ldap_password_attr` option
+SASLAUTHD_LDAP_PASSWORD_ATTR=
+
 # empty => No sasl_passwd will be created
 # string => `/etc/postfix/sasl_passwd` will be created with the string as password
 SASL_PASSWD=
 
+# empty => `bind` will be used as a default value
+# `fastbind` => The fastbind method is used
+# `custom` => The custom method uses userPassword attribute to verify the password
+SASLAUTHD_LDAP_AUTH_METHOD=
+
+# Specify the authentication mechanism for SASL bind
+# empty => Nothing is added to the configuration
+# Any value => Fills the `ldap_mech` option
+SASLAUTHD_LDAP_MECH=
+
 # –––––––––––––––––––––––––––––––––––––––––––––––
 # ––– SRS Section –––––––––––––––––––––––––––––––
 # –––––––––––––––––––––––––––––––––––––––––––––––

target/start-mailserver.sh

@@ -917,6 +917,7 @@ function _setup_saslauthd
 
   [[ -z ${SASLAUTHD_LDAP_START_TLS} ]] && SASLAUTHD_LDAP_START_TLS=no
   [[ -z ${SASLAUTHD_LDAP_TLS_CHECK_PEER} ]] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no
+  [[ -z ${SASLAUTHD_LDAP_AUTH_METHOD} ]] && SASLAUTHD_LDAP_AUTH_METHOD=bind
 
   if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
   then
@@ -932,13 +933,27 @@ function _setup_saslauthd
     SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
   fi
 
+  if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]
+  then
+    SASLAUTHD_LDAP_PASSWORD_ATTR=""
+  else
+    SASLAUTHD_LDAP_PASSWORD_ATTR="ldap_password_attr: ${SASLAUTHD_LDAP_PASSWORD_ATTR}"
+  fi
+
+  if [[ -z ${SASLAUTHD_LDAP_MECH} ]]
+  then
+    SASLAUTHD_LDAP_MECH=""
+  else
+    SASLAUTHD_LDAP_MECH="ldap_mech: ${SASLAUTHD_LDAP_MECH}"
+  fi
+
   if [[ ! -f /etc/saslauthd.conf ]]
   then
     _notify 'inf' "Creating /etc/saslauthd.conf"
     cat > /etc/saslauthd.conf << EOF
 ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER}
 
-ldap_auth_method: bind
+ldap_auth_method: ${SASLAUTHD_LDAP_AUTH_METHOD}
 ldap_bind_dn: ${SASLAUTHD_LDAP_BIND_DN}
 ldap_bind_pw: ${SASLAUTHD_LDAP_PASSWORD}
 
@@ -950,6 +965,8 @@ ldap_tls_check_peer: ${SASLAUTHD_LDAP_TLS_CHECK_PEER}
 
 ${SASLAUTHD_LDAP_TLS_CACERT_FILE}
 ${SASLAUTHD_LDAP_TLS_CACERT_DIR}
+${SASLAUTHD_LDAP_PASSWORD_ATTR}
+${SASLAUTHD_LDAP_MECH}
 
 ldap_referrals: yes
 log_level: 10