[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Logging in without full DN
- To: openldap-software@OpenLDAP.org
- Subject: Logging in without full DN
- From: Sean Hussey <seanhussey@gmail.com>
- Date: Fri, 7 Oct 2005 15:00:58 -0400
- Content-disposition: inline
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=aE6Uw6/uguqCwNpI877CUvCzTiFL2P43riw7g3iwIW5bP3fJYeyYFMOyFRAgHGq5Tehb8k4o47po9Lz7rQARcQIWDlNoIZKPRzrK1myJvS0/kcBWulTNqiAwCgE1PKshXBJ3q+1+gCsNdAwhxMLONPRfvqHIyN+1XHza56i7ufk=
Hi everyone,
We're chugging along, unifying our databases and old LDAP installation
with our new Unified LDAP solution. Everything's going great.
One of the new policies we have is to not allow anonymous lookups for
address book searches.
The issue with this is that our client base is...opposed to change.
Now, they would happily comply if all they had to do was put their
username and password somewhere, but putting in the full DN? I think
there would be more typo'ed configs that not.
Now, I've heard that you can configure OpenLDAP such that binding as
"seanhussey" would alias to
"uid=seanhussey,ou=people,dc=domain,dc=com".
Was I dreaming, or is this possible?
We're on 2.2.28 right now, but I'm in the middle of upgrading to 2.2.29.
Thanks!
Sean