Re: Sponsoring a canon_user plugin for LDAP lookup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Torsten Schlabach wrote:
Howard,

thank you very much for your suggestion.

I think I had tried something with authz-regexp, but are you really sure that Cyrus IMAPd will actually see the rewritten username afterwards? I was able to take this to the point where the apropriate LDAP object was found and used for authentication, but Cyrus IMAPd would have still been looking for a mailbox with the original name rather than the rewritten one.

Hm, right. This will establish the correct DN for authentication, but nothing further; the DN that we get is kept internally. Since it is possible that some other mechanism (like sasldb) may still want to process the username, we don't change the name that SASL propagates. I suppose we could add a flag to the ldapdb configuration to say "use LDAP for the canonical name" and have it set the name in that case.

Well ... will try, I don't remember having used

> --enable-rewrite and manually enabled SLAP_AUTH_REWRITE.

so maybe this is going to do the trick.

Regards,
Torsten
--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux