Re: Does saslauthd deference alias objects in LDAP? Should it?

> Already available:
>
> ldap_deref: search|find|always|never

Thanks. Should I have found that in any documentation?

Interestingly enough, I was guessing such a parameter, and had put in

ldap_deref: always

Interestingly enough, "always" does not include "find".

If I use "always", I don't find my alias objects at all.

If I use "find", I can see in the LDAP log that the alias object is found, but a bind to it (using the userPassword of the aliased object) fails.

Any thoughts?

Regards,
Torsten


Igor Brezac wrote:

-----Original Message-----
From: cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:cyrus-sasl-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Torsten Schlabach
Sent: Thursday, September 21, 2006 11:23 AM
To: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
Subject: Does saslauthd deference alias objects in LDAP? Should it?

Hi!

I have a simple and quick question.

In LDAP, I can set up alias objects. An alias object is an object
pointing to another object. An example:

dn: uid=canonicalusername,ou=user,o=orphaned,o=myorg,o=world
objectClass: alias
objectClass: extensibleObject
aliasedObjectName: uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
uid: canonicalusername

What I want to achieve is that

testsaslauthd -u canonicalusername -p password

will show "OK" with the userPassword attribute which is stored in the
referenced object, i.e. uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
in that case.

A typical use for that would be to allow a user on a system with cryptic
IDs to use something easy to remember to sign in, for example his email
address. (Though this adds the extra issue that saslauthd splits anything
that contains a '@' into username and realm.)

I understand this would not take anything more than adding a parameter
to the LDAP query for the username which will tell the LDAP lib to
dereference aliases, pretty much like the -a option of ldapsearch. But
that option does not seem to exist in saslauthd.

Would anyone support introducing such an option?


Already available:
ldap_deref: search|find|always|never

-Igor
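
Added example (not part of the thread, and not saslauthd's own code): a simplified Python model of RFC 4511 alias dereferencing showing why, with "find", the search returns the alias entry and the bind to it fails, and why, with "always", the filter is evaluated against the aliased object, whose uid does not match. The in-memory directory, the function names and the password value are constructed for illustration; the search-then-bind flow is assumed from the LDAP log description in the thread.

```python
# Constructed in-memory directory modelled on the entries quoted in the thread.
BASE = "ou=user,o=orphaned,o=myorg,o=world"
ALIAS_DN = "uid=canonicalusername," + BASE
REAL_DN = "uid=xyz01606," + BASE
DIT = {
    BASE: {"ou": "user"},
    REAL_DN: {"uid": "xyz01606", "userPassword": "password"},
    ALIAS_DN: {"uid": "canonicalusername", "aliasedObjectName": REAL_DN},
}

def resolve(dn):
    """Follow aliasedObjectName until a non-alias entry is reached."""
    seen = set()
    while "aliasedObjectName" in DIT.get(dn, {}) and dn not in seen:
        seen.add(dn)
        dn = DIT[dn]["aliasedObjectName"]
    return dn

def search(base, uid, deref):
    """Subtree search for (uid=<uid>) under the RFC 4511 derefAliases modes."""
    if deref in ("find", "always"):        # derefFindingBaseObj: base object only
        base = resolve(base)
    hits = []
    for dn in DIT:
        if dn != base and not dn.endswith("," + base):
            continue                       # outside the search scope
        if deref in ("search", "always"):  # derefInSearching: filter sees the target
            dn = resolve(dn)
        if DIT[dn].get("uid") == uid and dn not in hits:
            hits.append(dn)
    return hits

def bind(dn, password):
    """Simple bind: the server does not dereference aliases for the bind DN."""
    entry = DIT.get(dn, {})
    return "userPassword" in entry and entry["userPassword"] == password

def authenticate(uid, password, deref):
    """Search for the user, then bind as the DN that was found."""
    hits = search(BASE, uid, deref)
    return "OK" if len(hits) == 1 and bind(hits[0], password) else "NO"

if __name__ == "__main__":
    for mode in ("never", "find", "search", "always"):
        print(mode, search(BASE, "canonicalusername", mode),
              authenticate("canonicalusername", "password", mode))
```

In this model, authentication through the alias name only works if the filter also matches the aliased object, since the alias entry itself carries no userPassword to bind against.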
