Sorry to re-send to the list, but I'm hopeful someone might have some thoughts on
whether this might be possible!
We have an old unsupported application that authenticates users using an LDAP bind. The
credential used for authentication (and what all the internal authorizations are tied to)
is employee ID. We are moving to LDAP directory that uses email address instead of
employee ID as the DN - the employee ID is still present as an attribute in the new
directory and the password remains the same. Since I can't modify the problematic
application, it’s not going away anytime soon, and it’s the last thing holding up
migration to the new directory system, I'm hoping that I can use OpenLDAP as a shim
between the application and the new directory to do something like the following:
* Collect credentials (employee_id, password) during bind
* Using a privileged service account, search/bind against the new directory to map
employee ID attribute to email address DN (like mod_authz_ldap does it)
* Return the success/failure as result of original bind
I would appreciate any ideas or pointers if this is possible or if there might be a better
way.
Thanks in advance!
Dave
David LaPorte
david(a)davidlaporte.org
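One concrete shape for the shim described in the post, added here as an example and not part of the original message: a slapd.conf fragment that runs OpenLDAP as a proxy with the back-ldap backend and the rwm overlay, whose `ldap`-type rewrite map performs the employee-ID-to-DN lookup with a service account before the bind is forwarded. Hostnames, suffixes, the legacy RDN attribute (`employeeID`), the new directory's attribute (`employeeNumber`) and the service-account DN are assumptions.

```conf
# Added example, not from the original post. Standalone slapd acting as a bind
# proxy for the legacy application. All names below are assumptions.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
moduleload      back_ldap
moduleload      rwm

# Proxy backend: every operation the legacy app sends to this slapd is
# forwarded to the new directory over TLS.
database        ldap
suffix          "dc=legacy,dc=example"
uri             "ldaps://ldap.new.example/"

overlay         rwm
rwm-rewriteEngine on

# Rewrite map: an LDAP search in the new directory, performed as the shim's
# service account, that returns the DN of the entry matching the filter
# supplied by the rule below ("?dn?sub" = return the DN, subtree scope).
rwm-rewriteMap  ldap empid2dn "ldaps://ldap.new.example/ou=people,dc=new,dc=example?dn?sub"
    binddn="cn=legacy-shim,ou=services,dc=new,dc=example"
    credentials="CHANGEME-service-account-password"

# Only the bind DN is rewritten. The legacy app binds as
# employeeID=12345,dc=legacy,dc=example; the rule looks up the entry whose
# employeeNumber is 12345 and forwards the simple bind (same password) using
# the mail-based DN that comes back. '@' stops after this rule; 'I' turns a
# failed lookup into a failed bind instead of a rewrite error.
rwm-rewriteContext bindDN
rwm-rewriteRule "^employeeID=([^,]+),dc=legacy,dc=example$" "${empid2dn(employeeNumber=$1)}" ":@I"
```

The service-account credential sits in clear text in slapd.conf, so the file needs restrictive permissions and the account should be limited to read access on the attributes the lookup needs. Because the user's own password is still checked by the new directory in the forwarded bind, the shim never needs to store or validate user passwords itself.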