Looking for canon_user plugin
Torsten Schlabach
tschlabach at gmx.net
Thu Sep 28 11:22:32 EDT 2006
Hi Dieter,
>>>The auxprop ldapdb combined with an appropriate slapd.conf and a well
>>>defined regex for authTo attribute could do this.
>>
>>I was trying, but not getting anywhere with that. Have you done any
of this successfully?
>
>
> Yes.
I have successfully created such a setup on a test system. I can now
successfully authenticate by passing an alias name instead of the real
username. Wasn't easy, but this works now, but ...
>>>Although there would
>>>be no need to transform nick to userid.
>>
>>Why do you think so? Maybe I have overlooked the obvious and try to
go >>for a way too complex solution?
>
> If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
I am not sure I understand what you mean exactly here, maybe that's the
point.
The way I am testing this is:
cyradm --user realuser localhost
Enter password.
=> I am in; authorized as realuser.
cyradm --user aliasofuser localhost
Enter password.
=> I am in; but authorized as aliasofuser.
So using the alias to login, I cannot access the user.realuser mailbox.
What kind of mapping are you referring to when you say
> If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
sasl-regexp ?
I cannot really map there, because I have to match what what originally
entered and use it again in a search, don't I?
Regards,
Torsten
Dieter Kluenter schrieb:
> Hi Torsten,
>
> "Torsten Schlabach" <TSchlabach at gmx.net> writes:
>
>
>>Hi Dieter,
>>
>>
>>>The auxprop ldapdb combined with an appropriate slapd.conf and a well
>>>defined regex for authTo attribute could do this.
>>
>>I was trying, but not getting anywhere with that. Have you done any of this successfully?
>
>
> Yes.
>
>
>>>Although there would
>>>be no need to transform nick to userid.
>>
>>Why do you think so? Maybe I have overlooked the obvious and try to go for a way too complex solution?
>
>
> If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
>
> -Dieter
>
>
More information about the Cyrus-sasl
mailing list