I have set up an OpenLDAP server for users authenticating
using SASL. The authz-regexp "converts" the SASL identity
into a DN which is used only for authorization purposes
- there are no real LDAP entries with these DNs. This setup
Now I have some LDAP client applications that only support
simple authentication, but no SASL authentication. So I am
looking for a way to "map" simple authentication to SASL
authentication, e.g. when a user uses simple auth with
DN "cn=user1,ou=users,dc=domain,dc=com" this mechanism should
authenticate this user via SASL using username "user1"
and the provided password.
I absolutely DO NOT WANT to create real LDAP entries for
these users, because the user database is an external one
accessed via SASL->PAM->COMPLICATED_PAM_MODULES, and I
don't want to manage user accounts in two places :-)
Is this possible?
I already thought about using an "ldap"-backend to proxy
simple-auth-connections, but I did not find a way to just
"rewrite" the authentication information and make the proxy
server use SASL with a username extracted from the simple
Thanks and best regards