[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rewrite a login into a dn in simple bind

To: Francois Beretti <francois.beretti@enatel.com>
Subject: Re: rewrite a login into a dn in simple bind
From: Markus Schaber <schaber@scan-plus.de>
Date: Wed, 8 Oct 2003 17:04:13 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3F841439.4030400@enatel.com>
Organization: Scan-Plus GMBH, Ulm
References: <3F83DF4D.1070007@enatel.com> <20031008152554.3112318d.schaber@scan-plus.de> <3F841439.4030400@enatel.com>

Hello, Francois,

On Wed, 08 Oct 2003 15:42:17 +0200
Francois Beretti <francois.beretti@enatel.com> wrote:

> >>So I would like to map the login provided by the client to the dn of
> >>the entry which has this value in its "uid" attribute
> > AFAIR, the common method to do this is to do an anonymous bind, and
> > use this to search for (uid=whateveryouneed) to get the dn. Then,
> > use this dn to bind with the password.
> Ok, but if the access control rules of the server don't allow any 
> anonymous bind, or don't give search access on uid attribute, or read 
> access on users' entries, I can't use this method, because I think
> some LDAP administrators won't let me set such access rules on their
> openldap server for my application to work on their network.

Then you have to create your own auth object (with an strong password),
and set it's acls to just allow search for uid, and auth for passwords.
Bind to this auth object, search for the dn, and then rebind.

Thanks,
Markus

References:
- rewrite a login into a dn in simple bind
  - From: Francois Beretti <francois.beretti@enatel.com>
- Re: rewrite a login into a dn in simple bind
  - From: Markus Schaber <schaber@scan-plus.de>
- Re: rewrite a login into a dn in simple bind
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: Re: rewrite a login into a dn in simple bind
Next by Date: installation on AIX 5.2?
Index(es):
- Chronological
- Thread