[Date Prev][Date Next] [Chronological] [Thread] [Top]

username to dn mapping when using SASL/DIGEST-MD5



I already sent this question to openldap-software, but so far
nobody answered. I hope asking this question here is not very
big mistake...

I'm trying to configure OpenLDAP (2.0.23) under Debian GNU/Linux so
that users can authenticate themselves when doing ldap bind by
SASL/DIGEST-MD5 mechanism. It seems to work (SASL) but I can't find
any connection between dn being bound to username and password
supplied during SASL authentication.
Hence my question: How exactly are SASL authid, authzid and realm
parameters mapped into LDAP distinguished name supposed to be bound
as ? What I mean is mapping performed when no special params in
slapd.conf are placed. Can I control it somehow ?
I know about parameters introduced in 2.1 release, but what I need to
know right now is situation with 2.0.23.

Great thank you in advance. I spent last few days trying to figure out
how does it work, so any answer or comment is appreciated.

Oh, I've searched thorough opebnldap site and mailing lists as well.
So far couldn't find any detailed explanation. That's why I finally
decided to bother you here.


cheers,
+--------------------------------------------------------+
|Rafal 'Mimir' Szczesniak <mimir@spin.ict.pwr.wroc.pl>   |
|*BSD, GNU/Linux and Samba                              /
|______________________________________________________/