> -----Original Message-----
> From: cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx
> [mailto:cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Torsten Schlabach
> Sent: Thursday, September 21, 2006 11:23 AM
> To: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
> Subject: Does saslauthd deference alias objects in LDAP? Should it?
>
> Hi!
>
> I have a simple and quick question.
>
> In LDAP, I can set up alias objects. An alias object is an object
> pointing to another object. An example:
>
> dn: uid=canonicalusername,ou=user,o=orphaned,o=myorg,o=world
> objectClass: alias
> objectClass: extensibleObject
> aliasedObjectName: uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
> uid: canonicalusername
>
> What I want to achieve is that
>
> testsaslauthd -u canonicalusername -p password
>
> will show "OK" with the userPassword attribute which is stored in the
> referenced object, i.e. uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
> in that case.
>
> A typical use for that would be to allow a user on a system with cryptic
> IDs to use something easy to remember to sign in, for example his email
> address. (Though this adds the extra issue that saslauthd splits anything
> that contains a '@' into username and realm.)
>
> I understand this would not take anything more than adding a parameter
> to the LDAP query for the username which will tell the LDAP lib to
> dereference aliases, pretty much like the -a option of ldapsearch. But
> that option does not seem to exist in saslauthd.
>
> Would anyone support introducing such an option?

Already available:

ldap_deref: search|find|always|never

-Igor
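
Added example, not part of the original thread and not saslauthd or LDAP server code: a simplified Python model of the four alias dereferencing modes named in the reply, following the derefAliases semantics of RFC 4511, run against the alias entry from the question. Everything in the directory other than that entry, the password value and the function names are constructed for illustration.

```python
"""Simplified model of LDAP alias dereferencing (RFC 4511 derefAliases), subtree scope."""

BASE = "ou=user,o=orphaned,o=myorg,o=world"
ALIAS_DN = "uid=canonicalusername," + BASE
TARGET_DN = "uid=xyz01606," + BASE

# Constructed directory built around the alias entry in the post; password is made up.
DIRECTORY = {
    BASE: {"objectClass": ["organizationalUnit"]},
    TARGET_DN: {"objectClass": ["inetOrgPerson"], "uid": ["xyz01606"],
                "userPassword": ["constructed-secret"]},
    ALIAS_DN: {"objectClass": ["alias", "extensibleObject"],
               "uid": ["canonicalusername"], "aliasedObjectName": [TARGET_DN]},
}

def is_alias(dn):
    return "alias" in DIRECTORY[dn]["objectClass"]

def resolve(dn):
    """Follow aliasedObjectName until a non-alias entry is reached; reject loops."""
    seen = set()
    while is_alias(dn):
        if dn in seen:
            raise ValueError("alias loop at " + dn)
        seen.add(dn)
        dn = DIRECTORY[dn]["aliasedObjectName"][0]
    return dn

def search(base, attr, value, deref="never"):
    """Subtree search for (attr=value); deref is never, search, find or always."""
    if deref in ("find", "always"):
        base = resolve(base)                 # alias followed while locating the base
    pending, visited, hits = [base], set(), []
    while pending:
        root = pending.pop()
        if root in visited:
            continue
        visited.add(root)
        for dn in sorted(DIRECTORY):
            if dn != root and not dn.endswith("," + root):
                continue                     # entry lies outside this subtree
            if dn != base and is_alias(dn) and deref in ("search", "always"):
                pending.append(resolve(dn))  # aliased object becomes a new search root
                continue                     # the alias entry itself is not a candidate
            if value in DIRECTORY[dn].get(attr, []) and dn not in hits:
                hits.append(dn)
    return hits
```

In this model search(BASE, "uid", "canonicalusername", "search") returns no entry, because with dereferencing while searching the filter is tested against the aliased object, whose uid is xyz01606. search(ALIAS_DN, "objectClass", "inetOrgPerson", "find") returns the aliased DN, since the alias is followed when it is the search base.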