Sponsoring a canon_user plugin for LDAP lookup
Howard Chu
hyc at highlandsun.com
Fri Jan 12 15:45:10 EST 2007
Torsten Schlabach wrote:
> Howard,
>
> thank you very much for your suggestion.
>
> I think I had tried something with authz-regexp, but are you really
> sure that Cyrus IMAPd will actually see the rewritten username
> afterwards? I was able to take this to the point where the appropriate
> LDAP object was found and used for authentication, but Cyrus IMAPd
> would have still been looking for a mailbox with the original name
> rather than the rewritten one.
Hm, right. This will establish the correct DN for authentication, but
nothing further; the DN that we get is kept internally. Since it is
possible that some other mechanism (like sasldb) may still want to
process the username, we don't change the name that SASL propagates. I
suppose we could add a flag to the ldapdb configuration to say "use LDAP
for the canonical name" and have it set the name in that case.
>
> Well ... will try, I don't remember having used
>
> > --enable-rewrite and manually enabled SLAP_AUTH_REWRITE.
>
> so maybe this is going to do the trick.
>
> Regards,
> Torsten
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/