From: Igor Brezac (no email)
Date: Thu Sep 21 2006 - 23:24:08 EDT
> -----Original Message-----
> From: [mailto:cyrus-sasl-
> ] On Behalf Of Torsten Schlabach
> Sent: Thursday, September 21, 2006 11:23 AM
> Subject: Does saslauthd deference alias objects in LDAP? Should it?
> I have a simple and quick question.
> In LDAP, I can set up alias objects. An alias object is an object
> pointing to another object. An example:
> dn: uid=canonicalusername,ou=user,o=orphaned,o=myorg,o=world
> objectClass: alias
> objectClass: extensibleObject
> aliasedObjectName: uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
> uid: canonicalusername
> What I want to achieve is that
> testsaslauthd -u canonicalusername -p password
> will show "OK" with the userPassword attribute which is stored in the
> referenced object, i.e. uid=xyz01606,ou=user,o=orphaned,o=myorg,o=world
> in that case.
> I typical use for that would be to allow a user on a system with cryptic
> IDs to use something easy to remember to sign in, for example his email
> address. (Though this adds the extra issue that saslauthd splits anyting
> that contains a '@' into username and realm.)
> I understand this would not take anything more than adding a parameter
> to the LDAP query for the username which will tell the LDAP lib to
> dereference aliases, pretty much like the -a option of ldapsearch. But
> that option does not seem to exist in saslauthd.
> Would anyone support putting introducing such a an option?