Re: rewrite a login into a dn in simple bind

[Craig Dunigan <cdunigan@doit.wisc.edu>]

I'm not sure I made myself clear.  You create one application account/dn
that's written into the login app somehow (you could encrypt it in a
config file if you want flexibility without exposing the account to
users).  The login app uses that dn to bind to execute the search for the
cn/uid the user enters, catches the user's dn that the directory returns,
then rebinds with that dn and the password the user entered.  The user
never sees his dn, all he enters is a uid and a password.

I know the boss doesn't like an application account, but I can't think of
another way to do this.  But I'm not the most inventive guy around - maybe
someone else can think of a better way.

Craig

On Wed, 8 Oct 2003, Francois Beretti wrote:

> Craig Dunigan wrote:
> 
> > Then ask them to create an application account.  We do this all the ime.
> > 
> > Craig
> > 
> 
> argh...
> 
> I can't do this :)
> 
> my application is intended to be installed on every workstation in a 
> company, and administrators will have to enter the application account 
> credentials on each computer :-/
> 
> actually, my application replaces the logon window on windows 
> workstations. So I don't want the users to have to enter a dn, because 
> it is more user friendly to just tape a login name.
> 
> And my chief really doesn't like the idea of an application account. :(
> 
> thank you
> 
> Francois
>