[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Problem Regarding aliasedObjectName

To: Christian Felsing <pug@felsing.net>
Subject: Re: Authentication Problem Regarding aliasedObjectName
From: Howard Chu <hyc@symas.com>
Date: Fri, 02 May 2008 07:17:08 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <481AFFC3.1000203@felsing.net>
References: <481AFFC3.1000203@felsing.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9pre) Gecko/2008043023 SeaMonkey/2.0a1pre

Christian Felsing wrote:

Hello,

my installation has two OUs, one contains real inetOrgPerson objects,
other one contains aliases to the first OU. First OU contains DNs which
are not acceptable to a specific application (pls. don't ask me why) so
2nd OU was introduced with DNs which are acceptable to that application.
Unfortunally, authentication to an alias seems to be not possible,
because that application is not able to do dereferencing.

Aliases can only be dereferenced by Search operations. They're a pretty poor mechanism for just about anything, really. You should look into using back-relay for this purpose instead.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Authentication Problem Regarding aliasedObjectName
  - From: Christian Felsing <pug@felsing.net>

Prev by Date: Re: how to stop openldap
Next by Date: query Active Directory
Index(es):
- Chronological
- Thread