
Re: rewrite a login into a dn in simple bind



Craig Dunigan wrote:
I'm not sure I made myself clear.  You create one application account/dn
that's written into the login app somehow (you could encrypt it in a
config file if you want flexibility without exposing the account to
users).  The login app uses that dn to bind to execute the search for the
cn/uid the user enters, catches the user's dn that the directory returns,
then rebinds with that dn and the password the user entered.  The user
never sees his dn, all he enters is a uid and a password.

I understand your idea, but I will have to enter the dn and password when installing the application, don't you agree?


My application is not written for me or my company, it is intended for customers, and must adapt itself to their directory server (iplanet, openldap, active directory, ...)

But anyway, as you and I said, my boss doesn't want this solution :/


I know the boss doesn't like an application account, but I can't think of another way to do this. But I'm not the most inventive guy around - maybe someone else can think of a better way.

What can the back-ldap module of openldap do? Is it able to rewrite the bind dn?

Is there a module which can do this?

Thank you, Craig

François


Craig
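
The search-then-rebind login flow discussed in this thread, as an added example that is not part of the original messages or of any project's code. FakeDirectory, authenticate, escape_filter and all DNs and passwords are constructed stand-ins for a real LDAP client and directory; the sketch also escapes the login name before it goes into the search filter and refuses empty passwords, which some servers accept as an unauthenticated bind.

```python
import re

def escape_filter(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server: dn -> (uid, password)."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        if dn in self.entries and password == '':
            return True  # models servers that accept an "unauthenticated" bind
        return dn in self.entries and self.entries[dn][1] == password

    def search(self, ldap_filter):
        # Supports only "(uid=<value>)"; an unescaped '*' acts as a wildcard.
        value = re.fullmatch(r'\(uid=(.*)\)', ldap_filter).group(1)
        unhex = lambda s: re.sub(r'\\([0-9a-fA-F]{2})',
                                 lambda m: chr(int(m.group(1), 16)), s)
        pattern = '.*'.join(re.escape(unhex(p)) for p in value.split('*'))
        return [dn for dn, (uid, _) in self.entries.items()
                if re.fullmatch(pattern, uid)]

def authenticate(directory, app_dn, app_password, uid, password):
    """Return the user's dn on success, None on any failure."""
    if not uid or not password:
        return None  # never forward an empty password to the directory
    if not directory.bind(app_dn, app_password):
        raise RuntimeError('application account could not bind')
    matches = directory.search('(uid=%s)' % escape_filter(uid))
    if len(matches) != 1:
        return None  # unknown or ambiguous login name
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None

# Constructed sample data (not from the thread)
APP_DN = 'cn=loginapp,ou=services,dc=example,dc=com'
APP_PW = 'app-secret'
DIRECTORY = FakeDirectory({
    APP_DN: ('loginapp', APP_PW),
    'uid=jdoe,ou=people,dc=example,dc=com': ('jdoe', 'correct horse'),
    'uid=asmith,ou=people,dc=example,dc=com': ('asmith', 'hunter2'),
})

if __name__ == '__main__':
    print(authenticate(DIRECTORY, APP_DN, APP_PW, 'jdoe', 'correct horse'))
    print(authenticate(DIRECTORY, APP_DN, APP_PW, 'as*', 'hunter2'))
```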