RE: Does saslauthd deference alias objects in LDAP? Should it?

From: Igor Brezac (no email)
Date: Thu Sep 21 2006 - 23:24:08 EDT

  • Next message: Dieter Kluenter: "Re: Looking for canon_user plugin"

    > -----Original Message-----
    > From: [mailto:cyrus-sasl-
    > ] On Behalf Of Torsten Schlabach
    > Sent: Thursday, September 21, 2006 11:23 AM
    > To:
    > Subject: Does saslauthd deference alias objects in LDAP? Should it?
    >
    > Hi!
    >
    > I have a simple and quick question.
    >
    > In LDAP, I can set up alias objects. An alias object is an object
    > pointing to another object. An example:
    >
    > dn: uid=canonicalusername,ou=user,o=orphaned,o=myorg,o=world
    > objectClass: alias
    > objectClass: extensibleObject
    > aliasedObjectName: uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
    > uid: canonicalusername
    >
    > What I want to achieve is that
    >
    > testsaslauthd -u canonicalusername -p password
    >
    > will show "OK" with the userPassword attribute which is stored in the
    > referenced object, i.e. uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
    > in that case.
    >
    > I typical use for that would be to allow a user on a system with cryptic
    > IDs to use something easy to remember to sign in, for example his email
    > address. (Though this adds the extra issue that saslauthd splits anyting
    > that contains a '@' into username and realm.)
    >
    > I understand this would not take anything more than adding a parameter
    > to the LDAP query for the username which will tell the LDAP lib to
    > dereference aliases, pretty much like the -a option of ldapsearch. But
    > that option does not seem to exist in saslauthd.
    >
    > Would anyone support putting introducing such a an option?

    Already available:

    ldap_deref: search|find|always|never

    -Igor


  • Next message: Dieter Kluenter: "Re: Looking for canon_user plugin"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD