Hi all,
I have set up an OpenLDAP server for users authenticating using SASL. The authz-regexp "converts" the SASL identity into a DN which is used only for authorization purposes - there are no real LDAP entries with these DNs. This setup works fine.
Now I have some LDAP client applications that only support simple authentication, but no SASL authentication. So I am looking for a way to "map" simple authentication to SASL authentication, e.g. when a user uses simple auth with DN "cn=user1,ou=users,dc=domain,dc=com" this mechanism should authenticate this user via SASL using username "user1" and the provided password.
I absolutely DO NOT WANT to create real LDAP entries for these users, because the user database is an external one accessed via SASL->PAM->COMPLICATED_PAM_MODULES, and I don't want to manage user accounts in two places :-)
Is this possible?
I already thought about using an "ldap"-backend to proxy simple-auth-connections, but I did not find a way to just "rewrite" the authentication information and make the proxy server use SASL with a username extracted from the simple auth DN...
Thanks and best regards -stefan-
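The kind of slapd.conf mapping the post describes (SASL identity rewritten into an authorization-only DN, with no matching entry in the DIT), as an added illustration that is not part of the original message. The regexps, the ou=users branch, the dc=domain,dc=com suffix and the access rules are assumptions chosen to match the DN shape given above; the SASL identity forms uid=<user>,cn=<mech>,cn=auth and uid=<user>,cn=<realm>,cn=<mech>,cn=auth are the ones OpenLDAP generates for a SASL bind.

```text
# Constructed slapd.conf fragment (example, not the poster's configuration).
# A SASL bind yields an identity such as
#   uid=user1,cn=DIGEST-MD5,cn=auth          (no realm)
#   uid=user1,cn=example.com,cn=DIGEST-MD5,cn=auth   (with realm)
# authz-regexp rewrites it into a DN that exists only for access control.

# Identity without realm: uid=<user>,cn=<mechanism>,cn=auth
authz-regexp
  "uid=([^,]*),cn=[^,]*,cn=auth"
  "cn=$1,ou=users,dc=domain,dc=com"

# Identity with realm: uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth
authz-regexp
  "uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth"
  "cn=$1,ou=users,dc=domain,dc=com"

# The rewritten DN need not exist as an entry; ACLs can still reference it.
# Only the mapped DN of the bound user may read the users branch,
# while everyone else gets nothing (deny by default).
access to dn.subtree="ou=users,dc=domain,dc=com"
  by dn.regex="^cn=[^,]+,ou=users,dc=domain,dc=com$" read
  by * none
```

A simple bind against cn=user1,ou=users,dc=domain,dc=com does not pass through authz-regexp: that directive only acts on identities produced by a SASL bind, which is why a simple bind to a DN with no entry fails with invalid credentials and why a client limited to simple authentication cannot reuse this mapping by itself.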