A number of SASL mechanisms, including DIGEST-MD5 (LDAP's mandatory-to-implement "strong" authentication mechanism), CRAM-MD5, and PLAIN, support authentication identities in the form of a simple user name. OpenLDAP Software supports these mechanisms through Cyrus SASL.
And, yes, you can map simple user names to DNs. See authz-regex in slapd.conf(5). Note, however, you cannot use a simple user name as the LDAP simple bind name as this is required to be an LDAP DN.

Kurt

At 12:00 PM 10/7/2005, Sean Hussey wrote:
>Hi everyone,
>
>We're chugging along, unifying our databases and old LDAP installation
>with our new Unified LDAP solution. Everything's going great.
>
>One of the new policies we have is to not allow anonymous lookups for
>address book searches.
>
>The issue with this is that our client base is...opposed to change.
>Now, they would happily comply if all they had to do was put their
>username and password somewhere, but putting in the full DN? I think
>there would be more typo'ed configs than not.
>
>Now, I've heard that you can configure OpenLDAP such that binding as
>"seanhussey" would alias to
>"uid=seanhussey,ou=people,dc=domain,dc=com".
>
>Was I dreaming, or is this possible?
>
>We're on 2.2.28 right now, but I'm in the middle of upgrading to 2.2.29.
>
>Thanks!
>
>Sean
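The mapping discussed in this thread, as an added example that is not part of the original messages: an offline Python model for checking an identity-mapping rule before it goes into slapd.conf. It assumes slapd presents a SASL user name as an authentication request DN of the form `uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth`; the rule text, the function names and the `SAFE_NAME` allow-list are assumptions of this example, and Python's `re` stands in for slapd's POSIX regex matching.

```python
import re

# Rule under test, as it would appear in slapd.conf (the directive is spelled
# authz-regexp in current slapd.conf(5); older releases use sasl-regexp):
#   authz-regexp
#     ^uid=([^,]+)(,cn=[^,]+)?,cn=(digest-md5|cram-md5|plain),cn=auth$
#     uid=$1,ou=people,dc=domain,dc=com
RULE_MATCH = r"^uid=([^,]+)(,cn=[^,]+)?,cn=(digest-md5|cram-md5|plain),cn=auth$"
RULE_REPLACE = "uid=$1,ou=people,dc=domain,dc=com"

# Assumption of this example: only plain account names are accepted, so a
# crafted user name cannot add DN components to the mapped result.
SAFE_NAME = re.compile(r"[a-z0-9._-]+")


def auth_request_dn(user, mech, realm=None):
    """Build the authentication request DN for a SASL identity.

    Values are lower-cased to model DN normalization (assumption).
    """
    parts = ["uid=" + user.lower()]
    if realm:
        parts.append("cn=" + realm.lower())
    parts += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(parts)


def map_identity(user, mech, realm=None):
    """Return the directory DN the rule maps to, or None if it does not apply."""
    if not SAFE_NAME.fullmatch(user.lower()):
        return None
    m = re.search(RULE_MATCH, auth_request_dn(user, mech, realm))
    if m is None:
        return None
    # On a match the result is the replacement pattern with $n filled in;
    # the matched text itself is not edited in place.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", RULE_REPLACE)


if __name__ == "__main__":
    # Constructed sample identities using the names from the thread.
    for args in [("seanhussey", "DIGEST-MD5"),
                 ("seanhussey", "CRAM-MD5", "domain.com"),
                 ("seanhussey", "GSSAPI"),
                 ("x,ou=admins", "PLAIN")]:
        print(args, "->", map_identity(*args))
```

The rule is anchored with `^` and `$` and lists the mechanisms explicitly, so identities from any other mechanism stay unmapped instead of being granted a directory DN.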
