[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Logging in without full DN

To: Sean Hussey <seanhussey@gmail.com>
Subject: Re: Logging in without full DN
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 07 Oct 2005 12:27:58 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <c89c8a510510071200w30dfb084u1412d4ed60a020f5@mail.gmail.co m>
References: <c89c8a510510071200w30dfb084u1412d4ed60a020f5@mail.gmail.com>

A number of SASL mechanisms, including
DIGEST-MD5 (LDAP's mandatory-to-implement "strong"
authentication mechanism), CRAM-MD5, and PLAIN,
support authentication identities in the form of a
simple user name.  OpenLDAP Software supports these
mechanisms through Cyrus SASL.

And, yes, you can map simple user names to DNs.
See authz-regex in slapd.conf(5).

Note, however, you cannot use a simple user name as
the LDAP simple bind name as this is required to be
an LDAP DN.

Kurt

At 12:00 PM 10/7/2005, Sean Hussey wrote:
>Hi everyone,
>
>We're chugging along, unifying our databases and old LDAP installation
>with our new Unified LDAP solution.  Everything's going great.
>
>One of the new policies we have is to not allow anonymous lookups for
>address book searches.
>
>The issue with this is that our client base is...opposed to change. 
>Now, they would happily comply if all they had to do was put their
>username and password somewhere, but putting in the full DN?  I think
>there would be more typo'ed configs that not.
>
>Now, I've heard that you can configure OpenLDAP such that binding as
>"seanhussey" would alias to
>"uid=seanhussey,ou=people,dc=domain,dc=com".
>
>Was I dreaming, or is this possible?
>
>We're on 2.2.28 right now, but I'm in the middle of upgrading to 2.2.29.
>
>Thanks!
>
>Sean

Follow-Ups:
- Re: Logging in without full DN
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Logging in without full DN
  - From: Sean Hussey <seanhussey@gmail.com>

Prev by Date: Logging in without full DN
Next by Date: Re: Logging in without full DN
Index(es):
- Chronological
- Thread