Sponsoring a canon_user plugin for LDAP lookup

Howard Chu hyc at highlandsun.com
Fri Jan 12 15:45:10 EST 2007


Torsten Schlabach wrote:
> Howard,
>
> thank you very much for your suggestion.
>
> I think I had tried something with authz-regexp, but are you really 
> sure that Cyrus IMAPd will actually see the rewritten username 
> afterwards? I was able to take this to the point where the appropriate 
> LDAP object was found and used for authentication, but Cyrus IMAPd 
> would have still been looking for a mailbox with the original name 
> rather than the rewritten one.

Hm, right. This will establish the correct DN for authentication, but 
nothing further; the DN that we get is kept internally. Since it is 
possible that some other mechanism (like sasldb) may still want to 
process the username, we don't change the name that SASL propagates.  I 
suppose we could add a flag to the ldapdb configuration to say "use LDAP 
for the canonical name" and have it set the name in that case.
>
> Well ... will try, I don't remember having used
>
> > --enable-rewrite and manually enabled SLAP_AUTH_REWRITE.
>
> so maybe this is going to do the trick.
>
> Regards,
> Torsten
-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/



More information about the Cyrus-sasl mailing list