Hi Dieter,
>>>The auxprop ldapdb combined with an appropriate slapd.conf and a well
>>>defined regex for authTo attribute could do this.
>>
>>I was trying, but not getting anywhere with that. Have you done any
>>of this successfully?
>
>
> Yes.
I have successfully created such a setup on a test system. I can now
successfully authenticate by passing an alias name instead of the real
username. Wasn't easy, but this works now, but ...
>>>Although there would
>>>be no need to transform nick to userid.
>>
>>Why do you think so? Maybe I have overlooked the obvious and try to go
>>for a way too complex solution?
>
> If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
I am not sure I understand what you mean exactly here, maybe that's the
point.
The way I am testing this is:
cyradm --user realuser localhost
Enter password.
=> I am in; authorized as realuser.
cyradm --user aliasofuser localhost
Enter password.
=> I am in; but authorized as aliasofuser.
So using the alias to login, I cannot access the user.realuser mailbox.
What kind of mapping are you referring to when you say
> If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
sasl-regexp ?
I cannot really map there, because I have to match what was originally
entered and use it again in a search, don't I?
Regards,
Torsten
Dieter Kluenter wrote:
Hi Torsten,
"Torsten Schlabach" <TSchlabach@xxxxxxx> writes:
> Hi Dieter,
>>The auxprop ldapdb combined with an appropriate slapd.conf and a well
>>defined regex for authTo attribute could do this.
>
> I was trying, but not getting anywhere with that. Have you done any of this successfully?
Yes.
>>Although there would
>>be no need to transform nick to userid.
>
> Why do you think so? Maybe I have overlooked the obvious and try to go for a way too complex solution?
If you map uid:<nick> --> nickname:<nick> nickname gets authenticated.
-Dieter