Sponsoring a canon_user plugin for LDAP lookup

Torsten Schlabach tschlabach at gmx.net
Fri Jan 12 16:57:24 EST 2007


Howard,

 > process the username, we don't change the name that SASL propagates.
 > I suppose we could add a flag to the ldapdb configuration to say "use
 > LDAP for the canonical name" and have it set the name in that case.

Sounds good to me. So how about going for that "easy money"?

We'll pay via PayPal!

Regards,
Torsten

Howard Chu wrote:
> Torsten Schlabach wrote:
> 
>> Howard,
>>
>> thank you very much for your suggestion.
>>
>> I think I had tried something with authz-regexp, but are you really 
>> sure that Cyrus IMAPd will actually see the rewritten username 
>> afterwards? I was able to take this to the point where the appropriate 
>> LDAP object was found and used for authentication, but Cyrus IMAPd 
>> would have still been looking for a mailbox with the original name 
>> rather than the rewritten one.
> 
> 
> Hm, right. This will establish the correct DN for authentication, but 
> nothing further; the DN that we get is kept internally. Since it is 
> possible that some other mechanism (like sasldb) may still want to 
> process the username, we don't change the name that SASL propagates.  I 
> suppose we could add a flag to the ldapdb configuration to say "use LDAP 
> for the canonical name" and have it set the name in that case.
> 
>>
>> Well ... will try, I don't remember having used
>>
>> > --enable-rewrite and manually enabled SLAP_AUTH_REWRITE.
>>
>> so maybe this is going to do the trick.
>>
>> Regards,
>> Torsten

