Bind with alternative DN pattern
- To: openldap-technical@openldap.org
- Subject: Bind with alternative DN pattern
- From: Mathias <openldap.org@postb0x.com>
- Date: Fri, 13 Jan 2012 00:30:59 +0100
Hi,

I have trouble understanding a rather simple LDAP config issue that
I'm sure someone on this list can easily help with:

How do I add a (or change the) pattern of the bind DN that slapd lets
me authenticate with?

I have a working slapd setup that I can happily bind to using DNs of
the form "cn=Bob Parr,dc=example,dc=com". However, all accounts also
have a unique "uid" attribute that I would like to use in addition to
(or, if not possible, instead of) the "cn"-based RDN for binding.

So, I'd like to (also) bind using the DN "uid=bob,dc=example,dc=com".

My understanding is that one entry can have several DNs as long as
each one is unambiguous. Shouldn't I be able to bind with any one of
these?

I have spent hours searching for documentation on this and turned
up surprisingly little. The problem is not an ACL issue since the
logged error when trying a "uid"-based bind is "DB_NOTFOUND: No
matching key/data pair found" rather than anything else...

I'd be _very_ grateful for any pointers on this...

Cheers,
Mathias