
(ITS#6456) Feature Request



Full_Name: J
Version: 2.4.20
OS: Debian-Lenny/amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (68.15.14.98)


Greetings,

Having found out this doesn't already exist as another parameter or
configuration method, I am hereby submitting a request for a particular
feature.

When performing idassert-bind operations, such as with back_ldap, it would be
great if an option could be added which would allow specific matched client DNs
to be matched and asserted as usual (e.g., the anonymous user asserting to a
backend "proxyauthenticator" account) ... while other clients (flagged somehow)
would pass through as themselves.

Example (as I might do it for my purposes):

idassert-bind
   bindmethod="simple"
   binddn="uid=proxyauthenticator,ou=users,dc=example,dc=com"
   credentials="password_string"
   starttls="yes"
   tls_reqcert="never"
   mode="none"

# anonymous clients will assert as "proxyauthenticator", since the backend may
# not allow anonymous binds.
idassert-authzFrom "dn.exact:"

# this guy will pass through as himself to the backend, as-is.
idassert-passThrough "dn.exact:uid=admin,ou=users,dc=example,dc=com"

This would be really helpful, not sure if it's difficult to implement ...