Discussion:
Binding with an e-mail address
Willie Gillespie
2009-11-21 20:14:16 UTC
Permalink
Perhaps someone can point me in the right direction here. Using just
simple binds (for now), I am trying to allow users to bind with just a
username or e-mail address and have OpenLDAP rewrite their bind to a
more complex DN for them before checking against userPassword.

Is there a way to do this?

I have tried playing with olcAuthIDRewrite and olcRwmRewrite but I must
be doing something incorrectly.

Thanks!

Willie
Howard Chu
2009-11-21 20:55:18 UTC
Permalink
Post by Willie Gillespie
Perhaps someone can point me in the right direction here. Using just
simple binds (for now), I am trying to allow users to bind with just a
username or e-mail address and have OpenLDAP rewrite their bind to a
more complex DN for them before checking against userPassword.
Is there a way to do this?
No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other
forms of user names.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Willie Gillespie
2009-11-21 20:59:31 UTC
Permalink
Post by Howard Chu
No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other
forms of user names.
Good to know. What is olcAuthIDRewrite used for then?
Howard Chu
2009-11-21 21:02:27 UTC
Permalink
Post by Willie Gillespie
Post by Howard Chu
No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other
forms of user names.
Good to know. What is olcAuthIDRewrite used for then?
Probably nothing. It hasn't ever been documented, you're probably the first
person to ask about it in 8 years.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Willie Gillespie
2009-11-21 21:03:37 UTC
Permalink
Post by Howard Chu
Post by Willie Gillespie
Good to know. What is olcAuthIDRewrite used for then?
Probably nothing. It hasn't ever been documented, you're probably the first
person to ask about it in 8 years.
Haha. That's awesome. Thanks for your help, Howard.
m***@aero.polimi.it
2009-11-21 22:42:34 UTC
Permalink
Post by Willie Gillespie
Post by Howard Chu
Post by Willie Gillespie
Good to know. What is olcAuthIDRewrite used for then?
Probably nothing. It hasn't ever been documented, you're probably the first
person to ask about it in 8 years.
Haha. That's awesome. Thanks for your help, Howard.
olcAuthIDRewrite (authid-rewrite) allows to use librewrite to map
identities during SASL auth and authorization in general. It has nothing
to do with simple bind, though. As a consequence, playing with it is
pointless.

p.

Loading...