Torsten Schlabach wrote:
> Howard,
> thank you very much for your suggestion.
> I think I had tried something with authz-regexp, but are you really
> sure that Cyrus IMAPd will actually see the rewritten username
> afterwards? I was able to take this to the point where the appropriate
> LDAP object was found and used for authentication, but Cyrus IMAPd
> would have still been looking for a mailbox with the original name
> rather than the rewritten one.

Hm, right. This will establish the correct DN for authentication, but
nothing further; the DN that we get is kept internally. Since it is
possible that some other mechanism (like sasldb) may still want to
process the username, we don't change the name that SASL propagates. I
suppose we could add a flag to the ldapdb configuration to say "use LDAP
for the canonical name" and have it set the name in that case.

> Well ... will try, I don't remember having used
> > --enable-rewrite and manually enabled SLAP_AUTH_REWRITE.
> so maybe this is going to do the trick.
> Regards,
> Torsten
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/