From c1ee7e81d03d5cbd524ddea5412799785c981faf Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 16 Mar 2021 11:51:10 +0000
Subject: [PATCH] saslauthd: Convert ldap to use fastbind

Seems that cert auth always returns success even for invalid passwords. :)
---
 roles/saslauthd/templates/saslauthd.conf.j2 | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/roles/saslauthd/templates/saslauthd.conf.j2 b/roles/saslauthd/templates/saslauthd.conf.j2
index e6df18c..403d2f2 100644
--- a/roles/saslauthd/templates/saslauthd.conf.j2
+++ b/roles/saslauthd/templates/saslauthd.conf.j2
@@ -5,7 +5,5 @@ ldap_search_base: {{ ldap_basedn }} ldap_tls_check_peer: yes ldap_tls_cacert_file: {{ tls_bundle }}
-ldap_use_sasl: yes
-ldap_mech: EXTERNAL
-ldap_tls_cert: {{ tls_certs }}/{{ inventory_hostname }}.crt
-ldap_tls_key: {{ tls_private }}/{{ inventory_hostname }}.key
+ldap_auth_method: fastbind
+ldap_filter: uid=%u,ou=People,{{ ldap_basedn }}
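Review bot: With `ldap_auth_method: fastbind` the only password check left is the directory's answer to a simple bind on the DN expanded from `ldap_filter`, and nothing in the two added lines covers the cases where that bind succeeds without proving the password. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success, so unless the directory rejects those (or saslauthd is confirmed to refuse empty passwords, which is not visible here), the always-success behaviour from the commit message could survive for that one input; a wrong-password and an empty-password run of `testsaslauthd` after deployment would settle it. The user's password now also travels in that bind, which it did not under `ldap_mech: EXTERNAL`, so the `ldap_servers` / `ldap_start_tls` settings above the hunk (outside this view) have to enforce TLS rather than only `ldap_tls_check_peer: yes`. A template comment such as `{# fastbind: ldap_filter is the bind DN template; ldap_search_base is presumably no longer consulted for authentication #}` would stop the leftover search base from being read as an access restriction.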