Re: auth works with cn=My Name but not with uid=myname



Arne Schirmacher <nn4l@yahoo.de> writes:

> This is probably trivial but I can't figure it out:
>
> my OpenLDAP entry has an attribute of cn=My Name, an attribute of uid=myname and a password.
>
> I can successfully log in using JXplorer using
>
> cn=My Name,ou=people,o=my company
>
> but not using
>
> uid=myname,ou=people,o=my company (error code 49 - Invalid Credentials)
>
> However searching with that dn is successful and returns 1 entry, so the uid attribute is in fact there.
>
> Please advise how I could enable the second login method which I need for exim authentication.

Your example is a simple bind, which requires a DN and a password;
uid=myname,o=people,o=my company is not a DN.
If you want to bind with the uid attribute, you can try a strong bind based
on a SASL mechanism. To enable this, you have to enable an
authz-regexp in cn=config and only allow plaintext passwords.

olcPasswordHash: {CLEARTEXT}
olcAuthzRegexp: {0}"uid=(.*),cn=.*,cn=auth" "ldap:///o=my company??sub?uid=$1"

-Dieter
-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
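
How the olcAuthzRegexp rule in the reply above turns a SASL authentication identity into a directory search, as an added Python sketch that is not part of the original message and not OpenLDAP's own code. It models the match with Python's `re` rather than slapd's regex engine; the sample identities, the realm `example.com` and the tighter `STRICT_PATTERN` are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Rule from the reply above: match pattern and replacement URL.
RULE_PATTERN = r"uid=(.*),cn=.*,cn=auth"
RULE_REPLACE = "ldap:///o=my company??sub?uid=$1"
# Assumption (not from the reply): stop the capture at the first comma.
STRICT_PATTERN = r"uid=([^,]*),cn=.*,cn=auth"

# Constructed SASL identities: without a realm, with a realm, and a plain DN.
NO_REALM = "uid=myname,cn=digest-md5,cn=auth"
WITH_REALM = "uid=myname,cn=example.com,cn=digest-md5,cn=auth"
SIMPLE_DN = "cn=My Name,ou=people,o=my company"


def map_sasl_identity(authc_dn, pattern=RULE_PATTERN, replace=RULE_REPLACE):
    """Model of the rewrite: return (base, scope, filter) of the search the
    rule produces, or None when the pattern does not match the identity."""
    m = re.search(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    url = replace
    for i, group in enumerate(m.groups(), start=1):
        url = url.replace(f"${i}", group)
    if not url.startswith("ldap:///"):
        return None  # a plain-DN replacement is out of scope for this model
    # LDAP URL layout: ldap:///<base>?<attrs>?<scope>?<filter>
    parts = url[len("ldap:///"):].split("?", 3)
    parts += [""] * (4 - len(parts))
    base, _attrs, scope, flt = parts
    return unquote(base), scope or "base", unquote(flt) or "(objectClass=*)"


if __name__ == "__main__":
    for dn in (NO_REALM, WITH_REALM, SIMPLE_DN):
        print(dn)
        print("  rule from reply:", map_sasl_identity(dn))
        print("  strict pattern :", map_sasl_identity(dn, STRICT_PATTERN))
```

When the identity carries a realm component, the greedy `(.*)` pulls the realm into the search filter, so the search matches no entry; the comma-excluding capture keeps the filter to the bare uid.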