[Date Prev][Date Next] [Chronological] [Thread] [Top]

simple-auth to SASL mapping?

To: openldap-technical@openldap.org
Subject: simple-auth to SASL mapping?
From: Stefan Palme <kleiner@hora-obscura.de>
Date: Mon, 07 Jan 2008 18:46:56 +0100

Hi all,

I have setup an OpenLDAP server for users authenticating
using SASL. The authz-regexp "converts" the SASL identity
into a DN which is used only for authorization purposes 
- there are no real LDAP entries with these DNs. This setup
works fine.

Now I have some LDAP client applications that only support
simple authentication, but no SASL authentication. So I am
looking for a way to "map" simple authentication to SASL
authentication, e.g. when a user uses simple auth with
DN "cn=user1,ou=users,dc=domain,dc=com" this mechanism should
authenticate this user via SASL using username "user1"
and the provided password.

I absolutely DO NOT WANT to create real LDAP entries for
these users, because the user database is an external one
accessed via SASL->PAM->COMPLICATED_PAM_MODULES, and I 
dont want to manage user accounts in two places :-)

Is this possible?

I already thought about using an "ldap"-backend to proxy
simple-auth-connections, but I did not found a way to just
"rewrite" the authentication information and make the proxy
server using SASL with a username extracted from the simple
auth DN...

Thanks and best regards
-stefan-

Follow-Ups:
- Re: simple-auth to SASL mapping?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Silly details like CN= v cn=
Next by Date: Password expiration question (ppolicy and smbk5wpd interaction)
Index(es):
- Chronological
- Thread