
Re: rewrite a login into a dn in simple bind

Hello, Francois,

On Wed, 08 Oct 2003 15:42:17 +0200
Francois Beretti <francois.beretti@enatel.com> wrote:

> >>So I would like to map the login provided by the client to the dn of
> >>the entry which has this value in its "uid" attribute
> > AFAIR, the common method to do this is to do an anonymous bind, and
> > use this to search for (uid=whateveryouneed) to get the dn. Then,
> > use this dn to bind with the password.
> Ok, but if the access control rules of the server don't allow any 
> anonymous bind, or don't give search access on uid attribute, or read 
> access on users' entries, I can't use this method, because I think
> some LDAP administrators won't let me set such access rules on their
> openldap server for my application to work on their network.

Then you have to create your own auth object (with a strong password),
and set its acls to just allow search for uid, and auth for passwords.
Bind to this auth object, search for the dn, and then rebind.
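
The bind, search, rebind sequence described in this reply, as an added example that is not part of the original post. The `connect` adapter, `FakeDirectory`, the `cn=authproxy` DN and all entries are constructed assumptions so the code runs without a server; a real client would wrap its LDAP library behind the same two methods.

```python
import re

# RFC 4515 filter metacharacters and their escaped forms.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a login so it cannot change the structure of the filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def authenticate(connect, base_dn, svc_dn, svc_pw, login, password):
    """Return the user's DN if login/password are valid, else None.
    connect() is a hypothetical adapter returning an object with
    bind(dn, password) -> bool and search(base_dn, filter) -> [dn, ...]."""
    # An empty password makes a simple bind "unauthenticated" (RFC 4513),
    # which some servers report as success: reject it before any bind.
    if not login or not password:
        return None
    lookup = connect()
    if not lookup.bind(svc_dn, svc_pw):
        raise RuntimeError("lookup account could not bind")
    dns = lookup.search(base_dn, "(uid=%s)" % escape_filter_value(login))
    if len(dns) != 1:  # unknown or ambiguous login
        return None
    # Rebind as the user on a separate connection to check the password.
    return dns[0] if connect().bind(dns[0], password) else None

class FakeDirectory:
    """Constructed in-memory stand-in for a server, so this runs offline."""
    def __init__(self, entries):
        self.entries = entries  # dn -> (uid, password)
    def bind(self, dn, password):
        return dn in self.entries and self.entries[dn][1] == password
    def search(self, base_dn, flt):
        value = flt[len("(uid="):-1]
        if value == "*":  # presence filter: every entry that has a uid
            return [dn for dn in self.entries if dn.endswith(base_dn)]
        uid = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m[1], 16)), value)
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base_dn) and e[0] == uid]

BASE = "dc=example,dc=com"               # constructed sample data
SVC = "cn=authproxy," + BASE
DIRECTORY = FakeDirectory({SVC: ("authproxy", "long-random-secret"),
                           "uid=fberetti,ou=people," + BASE: ("fberetti", "s3cret")})

def login(user, password):
    return authenticate(lambda: DIRECTORY, BASE, SVC, "long-random-secret", user, password)
```
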