Authenticate using Active Directory when binding to Zimbra's LDAP server?

[jsnapp]

Our Zimbra server is configured to authenticate using our Active Directory and this works fine. Our users can use their active directory password to login to IMAP and POP3 and of course the Web Client.

The problem is that they can NOT bind to Zimbra's ldap server in order to access the GAL with clients such as Thunderbird.

Is there any way to authenticate using Active Directory when binding to Zimbra's ldap server?

I know anonymous bind is available but I want to require authentication.

Thanks for any suggestions.

[jsnapp]

Ok, I've figured this much out.

I know saslauthd authentication is working because I've tested it using `testsaslauthd` and I've also used authenticated SMTP which uses saslauthd. I can also see saslauthd's authentication efforts in the /var/log/zimbra.log.

I simply want OpenLDAP to use saslauthd as described by Pass-Through Authentication Instructions

I added a slapd.conf file to /opt/zimbra/cyrus-sasl/lib/sasl2/ with the following content.

Code:

#
# This is ${cyrus-sasl-prefix}/lib/sasl2/slapd.conf
#
pwcheck_method: saslauthd
saslauthd_path: /opt/zimbra/cyrus-sasl/state/mux

I added "{SASL}username" to the userPassword attribute of a user object in LDAP...this should tell LDAP to use saslauthd to authenticate the user.

I restarted all services and tried to connect to LDAP and it keeps telling me I'm using invalid credentials AND I can't see any saslauthd authentication efforts in the /var/log/zimbra.log.

Can ANYONE tell me how to get this to work?

Can anyone tell me if Zimbra's openldap is compiled with the "--enable-spasswd" option which is required for openldap to use saslauthd?

Thanks in advance.

[jsnapp]

Can't SOMEONE (preferably an employee?) AT LEAST tell me if Zimbra's OpenLDAP is compiled with the "--enable-spasswd" option which is required for openldap to use saslauthd?