Perhaps someone can point me in the right direction here. Using just simple binds (for now), I am trying to allow users to bind with just a username or e-mail address and have OpenLDAP rewrite their bind to a more complex DN for them before checking against userPassword.
Is there a way to do this?
I have tried playing with olcAuthIDRewrite and olcRwmRewrite but I must be doing something incorrectly.
Thanks!
Willie
Willie Gillespie wrote:
> Perhaps someone can point me in the right direction here. Using just simple binds (for now), I am trying to allow users to bind with just a username or e-mail address and have OpenLDAP rewrite their bind to a more complex DN for them before checking against userPassword.
> Is there a way to do this?
No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other forms of user names.
Willie Gillespie wrote:
> Howard Chu wrote:
>> No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other forms of user names.
> Good to know. What is olcAuthIDRewrite used for then?
Probably nothing. It hasn't ever been documented, you're probably the first person to ask about it in 8 years.
Howard Chu wrote:
> Willie Gillespie wrote:
>> Good to know. What is olcAuthIDRewrite used for then?
> Probably nothing. It hasn't ever been documented, you're probably the first person to ask about it in 8 years.
Haha. That's awesome. Thanks for your help, Howard.
olcAuthIDRewrite (authid-rewrite) allows the use of librewrite to map identities during SASL auth and authorization in general. It has nothing to do with simple bind, though. As a consequence, playing with it is pointless.
p.
openldap-technical@openldap.org