Add more config options to saslauthd.conf

[williamdes]

Follow up of: #980
Fixes: #1704

• SASLAUTHD_LDAP_TLS_CACERT_FILE => ldap_tls_cacert_file
• SASLAUTHD_LDAP_TLS_CACERT_DIR => ldap_tls_cacert_dir
• SASLAUTHD_LDAP_PASSWORD_ATTR => ldap_password_attr
• SASLAUTHD_LDAP_AUTH_METHOD => ldap_auth_method
• SASLAUTHD_LDAP_MECH => ldap_mech

Note: actually I have to have 2 values for the userPassword attribute in my LDAP because sasl will not authenticate using my ssha256 stored password value, this pull-request is my hope to address my current issue.

Documentations used:

• https://opensource.apple.com/source/passwordserver_sasl/passwordserver_sasl-209/cyrus_sasl/saslauthd/LDAP_SASLAUTHD.auto.html
• https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD
• https://blog.sys4.de/cyrus-sasl-saslauthdconf-man-page-en.html
• http://web.mit.edu/ghudson/dev/third/cyrus-sasl/saslauthd/LDAP_SASLAUTHD

[erik-wramner]

This looks fine to me, but it would have been nice if someone who uses ldap could have a look. @fbartels or @aendeavor you don't use ldap either, do you?

[georglauterbach]

I do not use LDAP either, but to be honest, this seems absolutely fine to me. The guidelines for scripting were read, implementation and documentation is flawless too. I feel like we won't get anyone anytime soon to who uses LDAP and can review these changes.

@erik-wramner I'd say it's fine to merge this, what do you think?

EDIT: The only thing that could be done is adding one or two tests to test/mail_with_ldap.bats, if it's appropriate. I will however not flag this with missing integration tests. @erik-wramner if you feel like these tests should be added, you can label it appropriately.

[williamdes]

EDIT: The only thing that could be done is adding one or two tests to test/mail_with_ldap.bats, if it's appropriate. I will however not flag this with missing integration tests. @erik-wramner if you feel like these tests should be added, you can label it appropriately.

I am totally in favor of adding unit tests but I could not find a codecov like percentage and this did discourage me from writing tests
I have coverage for this project written in shell scripts: https://github.com/williamdes/sql-backup

By the way, a enormous thank you for this repository that solved a nightmare of implementations by adding a docker way of doing a cool web server.

I have only one note: It seems to be missing things or a little bit of paint to make this project 100% percent LDAP TLS strict encryption compatible ;)
But you are quite quick at review and response and I would agree to contribute more because your project is run on my production server and I need everything to be clean and 0% hacky.

[georglauterbach]

I understand. Yeah, I would like to see Codecov too, but: I will propose this in #1699, where adding this action I would deem appropriate:)

I've decided that this fine for merging. @erik-wramner if there are issue in the future why are a result of this PR, I think it's fine to have @williamdes look at them (too) as he seems to use LDAP ;)

You mentioned:

I have only one note: It seems to be missing things or a little bit of paint to make this project 100% percent LDAP TLS strict encryption compatible ;)

That would be awesome.

[williamdes]

Here is my repository, I will try to add tests using real world tests and harden the security as much as possible
https://github.com/desportes/infrastructure

[williamdes]

Here we are 🚀
All wired with docker actions and ldap account seeding.
https://github.com/desportes/infrastructure/blob/c22fb907637c3496b06e6b2e9a7883ee29351b5a/tests/php/tests/SendAndReceiveTest.php