
simple-auth to SASL mapping?



Hi all,

I have set up an OpenLDAP server for users authenticating
using SASL. The authz-regexp "converts" the SASL identity
into a DN which is used only for authorization purposes 
- there are no real LDAP entries with these DNs. This setup
works fine.

Now I have some LDAP client applications that only support
simple authentication, but no SASL authentication. So I am
looking for a way to "map" simple authentication to SASL
authentication, e.g. when a user uses simple auth with
DN "cn=user1,ou=users,dc=domain,dc=com" this mechanism should
authenticate this user via SASL using username "user1"
and the provided password.

I absolutely DO NOT WANT to create real LDAP entries for
these users, because the user database is an external one
accessed via SASL->PAM->COMPLICATED_PAM_MODULES, and I 
don't want to manage user accounts in two places :-)

Is this possible?

I already thought about using an "ldap"-backend to proxy
simple-auth-connections, but I did not find a way to just
"rewrite" the authentication information and make the proxy
server use SASL with a username extracted from the simple
auth DN...

Thanks and best regards
-stefan-
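
The DN-to-username mapping asked about above, as an added illustration that is not part of the original post and not an OpenLDAP feature: it strictly extracts the SASL username from a simple-bind DN and refuses anything outside the expected subtree. The base DN and the `cn` attribute come from the post's example; the function names and the username policy are assumptions.

```python
import re

# Base taken from the example DN in the post; adjust for a real tree.
USER_BASE = "ou=users,dc=domain,dc=com"
# Conservative username policy (an assumption): no DN metacharacters at all.
USERNAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


def split_unescaped(dn, sep=","):
    """Split a DN on separators that are not backslash-escaped (RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts]


def normalize_rdn(rdn):
    """Lower-case an RDN and trim whitespace around the first '='."""
    return "=".join(p.strip() for p in rdn.lower().split("=", 1))


def bind_dn_to_sasl_user(bind_dn):
    """Return the SASL username for a simple-bind DN, or None to refuse it."""
    rdns = split_unescaped(bind_dn)
    base = split_unescaped(USER_BASE)
    # Exactly one RDN above the user base: no nested or foreign subtrees.
    if len(rdns) != len(base) + 1:
        return None
    if [normalize_rdn(r) for r in rdns[1:]] != base:
        return None
    attr, eq, value = normalize_rdn(rdns[0]).partition("=")
    if eq != "=" or attr != "cn":
        return None
    # Rejects escapes, multi-valued RDNs ("+"), empty names, odd characters.
    return value if USERNAME_RE.fullmatch(value) else None
```

Refusing on any mismatch, rather than trying to repair the DN, keeps a crafted bind DN from resolving to a different SASL identity than the one the client appears to name.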