Re: SASL and mail attribute help



Al Pacifico writes:
> I wish to authenticate using SASL DIGEST-MD5 against the mail and
> userPassword attributes.
>
> The examples at OpenLDAP show use of the uid attribute, which is not present
> for all entries in my directory. I'm not sure how to map to the correct
> authentication request DN.

The "username" from SASL is a SASL identity, not an LDAP attribute.
OpenLDAP puts it in the UID of the bind DN, but you can use sasl-regexp to
change that.

See 'man slapd.conf' - I think this should do it, though I have not
tested:

sasl-regexp UID=([^,]*),cn=your-realm,CN=DIGEST-MD5,CN=auth
           ldap:///dc=example,dc=com??sub?(mail=$1)

Replace the realm, search base DN, scope and filter with whatever is
appropriate.

-- 
Hallvard
Don't anthropomorphize computers. They hate that.
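
Added example, not part of the message above and not OpenLDAP code: a small Python model of the sasl-regexp rule, useful for checking which authentication request DNs end up mapped to an entry. The directory contents are constructed, and the model assumes case-insensitive pattern matching and that a search URL only yields a mapping when it returns exactly one entry, so a mail value shared by two entries does not map.

```python
import re

# Rule from the message above; realm and search base are its placeholders.
PATTERN = r"UID=([^,]*),cn=your-realm,CN=DIGEST-MD5,CN=auth"
REPLACEMENT = "ldap:///dc=example,dc=com??sub?(mail=$1)"

# Constructed sample directory: entry DN -> values of its mail attribute.
DIRECTORY = {
    "cn=Alice,ou=people,dc=example,dc=com": ["alice@example.com"],
    "cn=Bob,ou=people,dc=example,dc=com": ["bob@example.com", "team@example.com"],
    "cn=Carol,ou=people,dc=example,dc=com": ["team@example.com"],
    "cn=Dave,dc=other,dc=org": ["dave@example.com"],
}


def rewrite(authn_dn):
    """Turn an authentication request DN into a search URL, or None if no match."""
    # Assumption: the pattern is matched case-insensitively, as slapd does.
    m = re.search(PATTERN, authn_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), REPLACEMENT)


def search(url):
    """Evaluate a subtree search URL with one equality filter against DIRECTORY."""
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    assert scope == "sub" and attr == "mail"  # the only case this model handles
    return [
        dn for dn, mails in DIRECTORY.items()
        if dn.lower().endswith("," + base.lower())
        and value.lower() in (v.lower() for v in mails)
    ]


def resolve(authn_dn):
    """Return the mapped entry DN, or None when the mapping is not usable."""
    url = rewrite(authn_dn)
    if url is None:
        return None
    hits = search(url)
    # The search must return exactly one entry; zero or several means no mapping.
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for user in ("alice@example.com", "team@example.com", "dave@example.com"):
        dn = f"uid={user},cn=your-realm,cn=digest-md5,cn=auth"
        print(user, "->", resolve(dn))
```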