[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rewrite a login into a dn in simple bind

Craig Dunigan wrote:
I'm not sure I made myself clear.  You create one application account/dn
that's written into the login app somehow (you could encrypt it in a
config file if you want flexibility without exposing the account to
users).  The login app uses that dn to bind to execute the search for the
cn/uid the user enters, catches the user's dn that the directory returns,
then rebinds with that dn and the password the user entered.  The user
never sees his dn, all he enters is a uid and a password.

I understand your idea, but I will have to enter the dn and password when installing the application, dont'you agree ?

My application is not written for me or my company, it is intended to customers, and must adapt itself to their directory server (iplanet, openldap, active directory, ...)

but anyway, as you and I said my boss doesn't want this solution :/

I know the boss doesn't like an application account, but I can't think of another way to do this. But I'm not the most inventive guy around - maybe someone else can think of a better way.

what can do the back-ldap module of openldap ? Is it able to rewrite the bind dn ?

Is there a module which can do this ?

thank you Craig