[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?

To: openldap-software@openldap.org
Subject: slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?
From: Alexandros Vellis <avel@noc.uoa.gr>
Date: Fri, 22 Dec 2006 12:14:56 +0200
Organization: National and Kapodistrian University of Athens

The slapd.conf option "authz-regexp", according to man page is...:

    Used by the authentication framework to convert simple
    user names, such  as  provided  by SASL subsystem, to an
    LDAP DN used for authorization purposes.

I am searching how to do the exact reverse thing, and I haven't found
an option for it. Specifically, I would like to convert the LDAP dn
provided in a simple LDAP bind, to an authentication token (userid,
realm, password) that would be passed to the SASL subsystem for the
purposes of authentication. The SASL subsystem would then be
responsible to do the authentication, just as if SASL authentication
('-Y') were used.

Am I correct in assuming that this functionality currently does not
exist?

Alexandros Vellis

Follow-Ups:
- Re: slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Problem when using 'accesslog' and 'refint' overlays in combination
Next by Date: Re: Disaster recovery question wrt replication
Index(es):
- Chronological
- Thread