[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: custom bind attribute

To: Stefano Zanmarchi <zanmarchi@gmail.com>
Subject: Re: custom bind attribute
From: Pierangelo Masarati <ando@sys-net.it>
Date: Tue, 16 Sep 2008 16:56:05 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <fb53dd1e0809152328k44c40591jee7e42a3fc4428aa@mail.gmail.com>
References: <fb53dd1e0809150739p198598f0i3da1e12781a9c7a1@mail.gmail.com> <48CE837D.3010902@OpenLDAP.org> <fb53dd1e0809152328k44c40591jee7e42a3fc4428aa@mail.gmail.com>
User-agent: Thunderbird 2.0.0.16 (X11/20080724)

Stefano Zanmarchi wrote:

Hi,
what I am trying to achieve is to have both a Shibboleth IdP and an Imap
server
(that's why different IPs) authenticate against openldap, with different
credentials.
My aim is to let Openldap handle this difference and let the Imap and IdP
server
unaware of this, they'd just need to do a simple bind.

Well, if you don't have a requirement of different credentials, you could use a multi-valued userPassword, and have it replaced by a single, common value at the first update. This would allow you to ignore the IP the bind request comes from, since the bind would succeed as soon as one of the values of userPassword matches the incoming credentials.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

References:
- custom bind attribute
  - From: "Stefano Zanmarchi" <zanmarchi@gmail.com>
- Re: custom bind attribute
  - From: "Stefano Zanmarchi" <zanmarchi@gmail.com>

Prev by Date: RE: LDAP proxy for AD
Next by Date: RE: AW: LDAP proxy for AD -- still no solution
Index(es):
- Chronological
- Thread