On Friday, 13 January 2012 01:30:59 Mathias wrote:
Hi,
I have trouble understanding a rather simple LDAP config issue that I'm sure someone on this list can easily help with:
How do I add a (or change the) pattern of the bind DN that slapd lets me authenticate with?
I have a working slapd setup that I can happily bind to using DNs of the form "cn=Bob Parr,dc=example,dc=com". However, all accounts also have a unique "uid" attribute that I would like to use in addition to (or, if not possible, instead of) the "cn"-based RDN for binding.
The DN should not be relevant to end-users. Applications using simple binds should be configurable on which attribute to search on to identify the DN with which to bind. DN construction or other methods should be avoided.
So, I'd like to (also) bind using the DN "uid=bob,dc=example,dc=com". My understanding is that one entry can have several DNs as long as each one is unambiguous.
False.
Shouldn't I be able to bind with any one of these?
An entry has one DN.
You may be able to rewrite DNs from one form to another, but then why not just configure your applications correctly?
I have spent hours on searching for documentation on this and turned up surprisingly little. The problem is not an ACL issue since the logged error when trying a "uid"-based bind is "DB_NOTFOUND: No matching key/data pair found" rather than anything else...
I'd be _very_ grateful for any pointers on this...
Why is the DN form so important to you?
Regards, Buchan
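
The approach the reply describes (search on an attribute to find the entry's one DN, then bind with that DN), as an added example that is not part of the original thread. `FakeDirectory` and its `search`/`simple_bind` methods are a constructed in-memory stand-in with constructed sample entries, not a real LDAP library API.

```python
# Search-then-bind: the application looks up the entry by uid, then binds with
# the single DN the directory returns. FakeDirectory is a constructed stand-in
# for an LDAP client, not a real library API.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


class FakeDirectory:
    """Constructed sample data: each entry has exactly one DN plus a uid."""

    def __init__(self):
        self.entries = {
            "cn=Bob Parr,dc=example,dc=com": {"uid": "bob", "password": "s3cret"},
            "cn=Helen Parr,dc=example,dc=com": {"uid": "helen", "password": "el4stic"},
        }

    def search(self, base, ldap_filter):
        # Handles only the two filter shapes used here: (uid=value) and (uid=*).
        attr, _, value = ldap_filter.strip("()").partition("=")
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base) and (value == "*" or e.get(attr) == value)]

    def simple_bind(self, dn, password):
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password


def authenticate(directory, base, login, password):
    """Return the DN bound as, or None if authentication fails."""
    if not login or not password:
        return None  # an empty password would be an unauthenticated bind
    matches = directory.search(base, "(uid=%s)" % escape_filter_value(login))
    if len(matches) != 1:
        return None  # no entry, or an ambiguous uid: refuse rather than guess
    dn = matches[0]
    return dn if directory.simple_bind(dn, password) else None
```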