Is there an alias entry that can be used for authentication? Basically I am looking for a way to allow a user record to have multiple uids.
Example:
uid johnsmith
uid jsmith
Trying to bring multiple services under one authentication method. The challenging part: some services have varying usernames as listed above, which unfortunately cannot be changed.
Thanks
RV
On 03/15/13 10:24 -0700, R V wrote:
> Is there an alias entry that can be used for authentication? Basically I am looking for a way to allow a user record to have multiple uids.
> Example:
> uid johnsmith
> uid jsmith
> Trying to bring multiple services under one authentication method. The challenging part: some services have varying usernames as listed above, which unfortunately cannot be changed.
uid is a multi-valued attribute, so you could specify it multiple times. We chose to create a custom attribute for alternative uids in our setup, so that we could easily normalize usernames.
For sasl binds, you can do this in your config:
authz-regexp "uid=([^,]+),cn=example.net,cn=[^,]+,cn=auth" ldap:///ou=people,dc=example,dc=net??one?(&(customAltUid=$1)(!(customAccountStatus=suspended)))
where 'customAltUID' and 'customAccountStatus' are custom attributes. We also include the uid value into the multi-valued customAltUID entry, but we could have just as easily not done that, and created a filter to search both uid and customAltUid.
We do not support direct non-sasl binds, which this approach doesn't support - unless the software doing the bind supports a two-step bind process where it searches for the dn (using customAltUid in its filter), then binds as the dn.
openldap-technical@openldap.org
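A small Python model of the authz-regexp mapping and the search-then-bind filter described in the reply above, added here as an illustration (it is not code from the thread or from OpenLDAP). The directory entries, DNs and function names are constructed for the example, and it assumes slapd's documented rule that a search-URL mapping is accepted only when exactly one entry matches.

```python
import re

# Match pattern copied from the authz-regexp line in the message above.
AUTHZ_MATCH = re.compile(r"uid=([^,]+),cn=example.net,cn=[^,]+,cn=auth", re.I)
BASE = "ou=people,dc=example,dc=net"

# Constructed sample entries (hypothetical users, not from the thread).
DIRECTORY = [
    {"dn": "uid=johnsmith,ou=people,dc=example,dc=net",
     "customAltUid": ["johnsmith", "jsmith"], "customAccountStatus": "active"},
    {"dn": "uid=janedoe,ou=people,dc=example,dc=net",
     "customAltUid": ["janedoe", "jdoe"], "customAccountStatus": "suspended"},
    {"dn": "uid=jsmithers,ou=people,dc=example,dc=net",
     "customAltUid": ["jsmithers", "js"], "customAccountStatus": "active"},
    {"dn": "uid=jsimmons,ou=people,dc=example,dc=net",
     "customAltUid": ["jsimmons", "js"], "customAccountStatus": "active"},
]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def is_one_level_child(dn, base):
    """True when dn sits directly below base (scope 'one' in the URL)."""
    _rdn, _, parent = dn.partition(",")
    return parent.lower() == base.lower()

def map_sasl_identity(authn_dn):
    """Model of the mapping: return the user DN, or None when it fails."""
    m = AUTHZ_MATCH.search(authn_dn)
    if not m:
        return None
    login = m.group(1).lower()
    hits = [e["dn"] for e in DIRECTORY
            if is_one_level_child(e["dn"], BASE)
            and login in (v.lower() for v in e["customAltUid"])
            and e["customAccountStatus"].lower() != "suspended"]
    # Zero or several matches both fail: an alias shared by two entries
    # locks out both users, so alias values must be kept unique.
    return hits[0] if len(hits) == 1 else None

def two_step_filter(login):
    """Filter a client builds for the search step before binding as the DN."""
    return ("(&(customAltUid=%s)(!(customAccountStatus=suspended)))"
            % escape_filter_value(login))
```
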