[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding to an alias entry?



Stefan Palme wrote:
Hi,

I have two ldap entries:

  dn:cn=me,ou=users,dc=kapott,dc=org
  objectclass:person
  cn:me
  userPassword:...

  dn:cn=me,ou=imap,ou=groups,dc=kapott,dc=org
  objectclass:alias
  objectclass:extensibleObject
  aliasedObjectName:cn=me,ou=users,dc=kapott,dc=org
  cn:me

I can use the first DN to successfully bind to the LDAP server,
but not the second one. It would be nice to be able to use
"cn=me,ou=imap,ou=groups,dc=kapott,dc=org" as bind DN too, but
without duplicating the whole "person" entry with the userPassword.

According to RFC4511, ...

     ([RFC4513], Section 5.2).  Where the server attempts to locate the
     named object, it SHALL NOT perform alias dereferencing.

(section 4.2).

p.