Re: Rewriting the dn

[Justin Davies <justin@palmcoder.net>]

Buchan/List,

This is not for PAM authentication, it is for a specific application 
that I cannot talk about that definitely does need to translate cn= to 
uid= both for binding and searching.

Thanks for you response though.

Justin
-  - -- ----  ----------------------------------------- --- -- -   -
Justin Davies LPIC2,OCA,DB2
Lead SME/Editor, Linux Professional Institute
email: justin@palmcoder.net
web: www.palmcoder.net
-  - -- ----  -------- ----------------------------------------------- 
------- --- -- -   -
On 15 Jun 2004, at 12:09, Buchan Milne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Justin Davies wrote:
> | I am using openldap as a proxy to an NDS ldap server and it seems to 
> be
> | working ok.
> |
> | The problem I have is that NDS will by default only set the dn as
> | cn=user,......  I need the dn to be uid=user,.....
> |
>
> I am just wondering if this is necessary? What applications are binding
> as uid=? If it's just pam_ldap, then you should just be able to do:
>
> pam_login_attribute cn
> in /etc/ldap.conf
>
> For nss, you probably need:
> #nss_map_attribute uid cn
>
> etc.
>
> If you just want to authenticate unix machines to NDS, you shouldn't
> need an openldap doing rewrites, just a recent pam_ldap/nss_ldap.
>
> (of course, further discussion would be off-topic for this list).
>
> Regards,
> Buchan
>
> - --
> Buchan Milne                      Senior Support Technician
> Obsidian Systems                  http://www.obsidian.co.za
> B.Eng                                RHCE (803004789010797)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFAztjVrJK6UGDSBKcRAsU9AKDJYRhpX3Xiy+uIYc5OWcSosMxsMgCfVR4f
> q2+31LoGlmgO4SQJkBnLUG0=
> =9p+U
> -----END PGP SIGNATURE-----