Does saslauthd deference alias objects in LDAP? Should it?

Torsten Schlabach tschlabach at
Thu Sep 21 11:23:21 EDT 2006


I have a simple and quick question.

In LDAP, I can set up alias objects. An alias object is an object 
pointing to another object. An example:

dn: uid=canonicalusername,ou=user,o=orphaned,o=myorg,o=world
objectClass: alias
objectClass: extensibleObject
aliasedObjectName: uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
uid: canonicalusername

What I want to achieve is that

testsaslauthd -u canonicalusername -p password

will show "OK" with the userPassword attribute which is stored in the 
referenced object, i.e. uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world 
in that case.

I typical use for that would be to allow a user on a system with cryptic 
IDs to use something easy to remember to sign in, for example his email 
address. (Though this adds the extra issue that saslauthd splits anyting 
that contains a '@' into username and realm.)

I understand this would not take anything more than adding a parameter 
to the LDAP query for the username which will tell the LDAP lib to 
dereference aliases, pretty much like the -a option of ldapsearch. But 
that option does not seem to exist in saslauthd.

Would anyone support putting introducing such a an option?


More information about the Cyrus-sasl mailing list