
Re: authentification only with cn=toto type



Pierre FERT wrote:

My problem is with authentication.

The applications which use it connect with simple authentication but without context!!!!

    Ex: cn=toto with his password is all

     I tried to connect by creating a script to bind in backend Shell

A database would intercept this operation only if its suffix is empty ("").

But the connection is not even accepted and the script is not called, whereas it is when specifying the context.


I tested the rules of rwm, but it is similar: these rules are not called upon either.

This is something you could solve using a global overlay that intercepts the bind operation before it gets to database selection. As already commented by Michael from one point of view, and Aaron from another, what you need is to intercept bind operations and handle them. For example, at SysNet we developed a trivial overlay that implements simple bind as "cn=Directory Manager", which appears to be the hardcoded directory administrator's DN in some proprietary DSA implementations. This was never posted to the list because it's absolutely trivial; if you need to perform simple bind with a single, specific DN with credentials stored in the configuration, I can post it (give me time to dig it out). The other solutions you've been pointed at are fine as well, although they require a bit more work to be configured and set up.

Cheers, p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------