[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?

At 02:14 AM 12/22/2006, Alexandros Vellis wrote:
>The slapd.conf option "authz-regexp", according to man page is...:
>    Used by the authentication framework to convert simple
>    user names, such  as  provided  by SASL subsystem, to an
>    LDAP DN used for authorization purposes.
>I am searching how to do the exact reverse thing, and I haven't found
>an option for it.

Becaues the exact reverse thing doesn't exist.

However, you might look at using the {SASL} userPassword
scheme.  See <http://www.openldap.org/faq/index.cgi?file=944>.
Note that while this FAQ answer is written from a Kerberos
perspective, the mechanism works just fine with various
other Cyrus SASL saslauthd(8) configurations.