[Date Prev][Date Next]
Re: rewrite a login into a dn in simple bind
Sorry if I don't understand the problem well enough, but let me try to explain
what I think you could do, by giving an example:
I am using a php/apache webpage to login to the ldap server, to let people
change their email password.
The most easy way is to let people enter their emailaddress (which is
identical to the uid in my case), bind anonymous to find the dn, and rebind
with the found dn and the password.
However, that's not possible you say, because an anonymous bind can not search
through the ldap database because of your boss' constraints.
A way out could be to make a seperate tree (or an entirely seperate database)
where you store the dn and the uid, and since you control that database, you
can give access to it by anonymous, to find the dn, and then bind to the
'real' database with the found dn and the password.
Obviously, keeping the second database in sync with the main database will be
a pain. It could be done, but it seems there are various obstacles in your
Then, since you are talking about rewriting the dn, there must be a one-to-one
relationship between dn and uid. For instance, entries like:
cn: Babs Jensen for President!
where the UID (in attibute uid) is an exact part of the dn.
Your application then can easily construct a dn from a uid.
If there is no one-to-one mapping of uid's and dn's, could you tell me how you
envision 'rewriting' ?
Ace Suares' Internet Consultancy
website: http://www.suares.nl * http://www.qwikzite.nl