Hello,
I am trying to have ldap2pg authenticate against my LDAP directory through GSSAPI (in order to use Kerberos ultimately). According to https://ldap2pg.readthedocs.io/en/latest/ldap/ it seems that I should be able to specify SASL_MECH, but I cannot find how to do it.
Here is the anonymised ldaprc file I am trying to use (it works fine if I do an ldapwhoami):
URI ldaps://krbldap-001.xxxx.yyy.zz
SASL_MECH GSSAPI
SASL_REALM XXXX.YYY.ZZ
SASL_AUTHCID name_of_the_kerberos_principal_used_to_authenticate_against_ldap
This leads to the following error when running ldap2pg:
14:25:33 INFO Starting ldap2pg version=v6.0 runtime=go1.20.5 commit=023e6933
14:25:33 INFO Using YAML configuration file. path=./ldap2pg.yml
14:25:33 INFO Running as superuser. user=postgres super=true server="PostgreSQL 14.11" cluster=14/main database=postgres
14:25:34 ERROR Fatal error. err="unhandled SASL_MECH"
If I use BINDDN and PASSWORD in my ldaprc file instead of the SASL_* variables, ldap2pg works fine.
Am I doing something wrong or can it be that support for GSSAPI has not been implemented in version 6?
Thank you for your support.
Best regards,
Paul