Hi all I got work sasl authentication to access ldap server by correcting two things: 1.- inserting the proxyuser's userpassword in clear text (userPassord=secret) 2.- fixing the proxyuser's authzTo atributte to authzTo: ldap:///ou=people,dc=plainjoe,dc=org??sub?(objectClass=account) (results at the end of this mail) As far as it can be seen, there's no need for cyrus-sasl for these matter but my final purpose is to enable Cyrus-sasl with openldap as backend to authenticate users for cyrus-imapd and postfix services. Any hints would be appreciated. Thanks to all for your support Fernando firewall:~ # ldapwhoami -U proxyuser -X u:test -Y digest-md5 SASL/DIGEST-MD5 authentication started Please enter your password: SASL username: u:test SASL SSF: 128 SASL data security layer installed. dn:uid=test,ou=people,dc=plainjoe,dc=org firewall:~ # ldapsearch -Y digest-md5 -U proxyuser -b 'dc=plainjoe,dc=org' '(objectclass=*)' SASL/DIGEST-MD5 authentication started Please enter your password: SASL username: proxyuser SASL SSF: 128 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <dc=plainjoe,dc=org> with scope subtree # filter: (objectclass=*) |