[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bind with alternative DN pattern

Am Fri, 13 Jan 2012 00:30:59 +0100
schrieb Mathias <openldap.org@postb0x.com>:

> Hi,
> I have trouble understanding a rather simple LDAP config issue that
> I'm sure someone on this list can easily help with:
> How do I add a (or change the) pattern of the bind DN that slapd lets
> me authenticate with?
> I have a working slapd setup that I can happily bind to using DNs of
> the form "cn=Bob Parr,dc=example,dc=com". However, all accounts also
> have a unique "uid" attribute that I would like to use in addition to
> (or, if not possible, instead of) the "cn"-based RDN for binding.
> So, I'd like to (also) bind using the DN "uid=bob,dc=example,dc=com".
> My understanding is that one entry can have several DNs as long as
> each one is unambiguous. Shouldn't I be able to bind with anyone of
> these?

You could create an entry with distinguished name
but I would advise not to do so. Instead configure
olcAuthRegexp accordingly and do a sasl bind.


Dieter KlÃnter | Systemberatung
GPG Key ID:DA147B05