
Re: Bind with alternative DN pattern



On Fri, 13 Jan 2012 00:30:59 +0100,
Mathias <openldap.org@postb0x.com> wrote:

> Hi,
> 
> I have trouble understanding a rather simple LDAP config issue that
> I'm sure someone on this list can easily help with:
> 
> How do I add a (or change the) pattern of the bind DN that slapd lets
> me authenticate with?
> 
> I have a working slapd setup that I can happily bind to using DNs of
> the form "cn=Bob Parr,dc=example,dc=com". However, all accounts also
> have a unique "uid" attribute that I would like to use in addition to
> (or, if not possible, instead of) the "cn"-based RDN for binding.
> So, I'd like to (also) bind using the DN "uid=bob,dc=example,dc=com".
> My understanding is that one entry can have several DNs as long as
> each one is unambiguous. Shouldn't I be able to bind with any one of
> these?

You could create an entry with distinguished name
uid=bob,dc=example,dc=com
but I would advise not to do so. Instead, configure
olcAuthRegexp accordingly and do a SASL bind.
[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
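
An added example, not part of the original thread: one way the olcAuthRegexp mapping suggested above could look in cn=config. It assumes accounts live somewhere under dc=example,dc=com and that "uid" is unique there, as the question states; the search scope and the realm handling are assumptions to adjust for the actual tree.

```ldif
# Constructed example: map SASL authentication identities to existing entries.
# A SASL bind as user "bob" produces an internal authentication DN of the form
#   uid=bob,cn=<mechanism>,cn=auth            (no realm)
#   uid=bob,cn=<realm>,cn=<mechanism>,cn=auth (with realm)
# Each rule rewrites that DN into a search URL; $1 is the captured user name.
# The search must return exactly one entry for the mapping to succeed, so the
# uid attribute has to be unique within the searched subtree.
dn: cn=config
changetype: modify
add: olcAuthRegexp
# Any mechanism, no realm component.
olcAuthRegexp: uid=([^,]+),cn=[^,]+,cn=auth ldap:///dc=example,dc=com??sub?(uid=$1)
# Any mechanism, with a realm component.
olcAuthRegexp: uid=([^,]+),cn=[^,]+,cn=[^,]+,cn=auth ldap:///dc=example,dc=com??sub?(uid=$1)
```

With this in place the entry keeps its single DN, "cn=Bob Parr,dc=example,dc=com", and a SASL bind as "bob" is authorized as that entry. Narrowing the search base and scope to the container that actually holds the accounts limits which entries a SASL identity can map to.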