Re: slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?

At 02:14 AM 12/22/2006, Alexandros Vellis wrote:

The slapd.conf option "authz-regexp", according to man page is...:

Used by the authentication framework to convert simple user names, such as provided by SASL subsystem, to an LDAP DN used for authorization purposes.

I am searching how to do the exact reverse thing, and I haven't found an option for it.

Becaues the exact reverse thing doesn't exist.

However, you might look at using the {SASL} userPassword scheme. See http://www.openldap.org/faq/index.cgi?file=944. Note that while this FAQ answer is written from a Kerberos perspective, the mechanism works just fine with various other Cyrus SASL saslauthd(8) configurations.