[Date Prev][Date Next] [Chronological] [Thread] [Top]

rwm and sasl authz

To: openldap-software@openldap.org
Subject: rwm and sasl authz
From: Konstantinos Koukopoulos <kouk+Lists.openldap@noc.uoa.gr>
Date: Thu, 24 Jul 2008 13:10:08 +0300
Content-disposition: inline
User-agent: KMail/1.9.7

Hello,
I was wondering if it is a known issue that when using sasl authorization 
combined with the rewrite module, one doesn't have access to either the 
binddn or the authz dn. The rewrite context bindDN is only called when the 
client supplies a DN in the simple-bind fashion (-D when using ldapsearch). 

But if one uses a sasl mechanism (in order to use proxy auth for example) then 
the binding will happen with the result of the authz-regexp rewrite but this 
is not in a context of slapo-rwm, whose bindDN context sees whatever, if any, 
arbitrary bind DN the request contained (for example through -D).

Additionally there is no context regarding the authorization DN, which is 
pretty much a necessity if you plan on using authFrom and have remapped the 
dit.

Thank you,
Kostas Koukopoulos

Follow-Ups:
- Re: rwm and sasl authz
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Troubles with Country (c) attribute limited to two characters
Next by Date: Meta Idassert-bind
Index(es):
- Chronological
- Thread