[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd: The reverse of "authz-regexp": From Bind-DN to SASL authentication: Is it possible?

>>>>> "Kurt" == Kurt D Zeilenga <Kurt@OpenLDAP.org> writes:

    Kurt> At 02:14 AM 12/22/2006, Alexandros Vellis wrote:
    >> The slapd.conf option "authz-regexp", according to man page
    >> is...:
    >> Used by the authentication framework to convert simple user
    >> names, such as provided by SASL subsystem, to an LDAP DN used
    >> for authorization purposes.
    >> I am searching how to do the exact reverse thing, and I haven't
    >> found an option for it.

    Kurt> Becaues the exact reverse thing doesn't exist.

    Kurt> However, you might look at using the {SASL} userPassword
    Kurt> scheme.  See
    Kurt> <http://www.openldap.org/faq/index.cgi?file=944>.  Note that
    Kurt> while this FAQ answer is written from a Kerberos
    Kurt> perspective, the mechanism works just fine with various
    Kurt> other Cyrus SASL saslauthd(8) configurations.

Or have a look at http://bayour.com/LDAPv3-HOWTO.html. It deals with
just this sort of thing...