Stefano Zanmarchi wrote:
Hi all, I'd like to let users bind against an attribute other than "userPassword". Is it possible or is userPassword hardcoded?
I's not just hardcoded, it's what standard track specs mandate for simple bind.
However, a DSA can also be used as a simple storage for data, including credentials, by applications that take care of authentication and authorization. This is what samba does, for example, with the sambaLMPassword and sambaNTPassword attributes.
Moreover I'd like to serve bind requests from one IP against "userPassword" and bind requests from another IP against another (custom) attribute. Is this possible by any chance?
Yes, by writing an overlay that takes the appropriate measures; e.g. intercepting bind requests and, based on the client's IP, collect the desired information and return appropriate bind responses.
<advertisement> This approach might sound a bit awkward (depending on the requirements); in that case, hiring a specialist might be a wise choice. </advertisement>
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------