(ITS#6456) Feature Request
Full_Name: J
Version: 2.4.20
OS: Debian-Lenny/amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (68.15.14.98)
Greetings,
Having found out this doesn't already exist as another parameter or
configuration method, I am hereby submitting a request for a particular
feature.
When performing idassert-bind operations, such as with back_ldap, it would be
great if an option could be added which would allow specific matched client DNs
to be matched and asserted as usual (e.g., the anonymous user asserting to a
backend "proxyauthenticator" account) ... while other clients (flagged somehow)
would pass through as themselves.
Example (as I might do it for my purposes):
idassert-bind
    bindmethod="simple"
    binddn="uid=proxyauthenticator,ou=users,dc=example,dc=com"
    credentials="password_string"
    starttls="yes"
    tls_reqcert="never"
    mode="none"
# anonymous clients will assert as "proxyauthenticator", since the backend may
# not allow anonymous binds.
idassert-authzFrom "dn.exact:"
# this guy will pass through as himself to the backend, as-is.
idassert-passThrough "dn.exact:uid=admin,ou=users,dc=example,dc=com"
This would be really helpful, not sure if it's difficult to implement ...