
Re: Rewriting the dn



Buchan/List,

This is not for PAM authentication, it is for a specific application that I cannot talk about that definitely does need to translate cn= to uid= both for binding and searching.

Thanks for your response though.

Justin
-  - -- ----  ----------------------------------------- --- -- -   -
Justin Davies LPIC2,OCA,DB2
Lead SME/Editor, Linux Professional Institute
email: justin@palmcoder.net
web: www.palmcoder.net
-  - -- ----  -------- ----------------------------------------------- ------- --- -- -   -
On 15 Jun 2004, at 12:09, Buchan Milne wrote:



Justin Davies wrote:
| I am using openldap as a proxy to an NDS ldap server and it seems to be
| working ok.
|
| The problem I have is that NDS will by default only set the dn as
| cn=user,...... I need the dn to be uid=user,.....
|


I am just wondering if this is necessary? What applications are binding
as uid=? If it's just pam_ldap, then you should just be able to do:

pam_login_attribute cn
in /etc/ldap.conf

For nss, you probably need:
#nss_map_attribute uid cn

etc.

If you just want to authenticate unix machines to NDS, you shouldn't
need an openldap doing rewrites, just a recent pam_ldap/nss_ldap.

(of course, further discussion would be off-topic for this list).

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)