On Fri, 2005-10-07 at 13:00 -0700, Quanah Gibson-Mount wrote:
>
> --On Friday, October 07, 2005 12:27 PM -0700 "Kurt D. Zeilenga"
> <[EMAIL PROTECTED]> wrote:
>
> > A number of SASL mechanisms, including
> > DIGEST-MD5 (LDAP's mandatory-to-implement "strong"
> > authentication mechanism), CRAM-MD5, and PLAIN,
> > support authentication identities in the form of a
> > simple user name. OpenLDAP Software supports these
> > mechanisms through Cyrus SASL.
> >
> > And, yes, you can map simple user names to DNs.
> > See authz-regex in slapd.conf(5).
> >
> > Note, however, you cannot use a simple user name as
> > the LDAP simple bind name as this is required to be
> > an LDAP DN.
>
> And of course, I'm not aware of a single email client that supports SASL
> binds (they all live in the LDAP V2 world). I have open bugs about this
> against a number of email client software providers (Qualcomm, Apple,
> Mozilla).

Given Quanah's comment on SASL availability in most mail clients, and
keeping in mind that this __IS__ a hack (and a gross one...) you could
do something like

    database        bdb
    suffix          dc=example,dc=com
    # ...

    database        ldap
    suffix          ""
    uri             ldap://localhost:9011
    rewriteEngine   on
    rewriteContext  default
    rewriteRule     ".*" "$0,ou=People,dc=example,dc=com" ":@"
    rewriteContext  searchResult
    rewriteRule     "^((.+),)?ou=People,dc=example,dc=com$" "$2" ":@"
    # These are required for completeness; "suffixmassage" needs work
    # to accept the empty DN
    rewriteContext  searchAttrDN alias searchResult
    rewriteContext  matchedDN alias searchResult
    rewriteContext  searchFilter

In this case, assuming that your users' DNs are of the type
"uid=foo,ou=People,dc=example,dc=com", all you need to do is configure
your clients with "uid=foo"; note the leading "uid=" which makes the
identity token "foo" comply with DN syntax requirements.

In principle, you could do even more sophisticated stuff, in case the
"uid" is not present in the RDN, or user DNs do not all follow the same
pattern. See slapd-meta(5) (in 2.2; slapo-rwm(5) in 2.3) for details
about writing the rules.

p.

SysNet - via Dossi,8 27100 Pavia
Tel: +390382573859 Fax: +390382476497
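
Added example, not part of the original message and not OpenLDAP code: a
small Python model of the two rewriteRule lines above, showing what each
pattern does to the short bind name, to a returned entry DN, and to DNs the
rules were not written for. The helper names (apply_rule, to_backend,
to_client) are hypothetical, and Python's re module is assumed to match
these two simple patterns the same way the server's regex engine does.

```python
import re

# Rules copied from the configuration in the message above.
DEFAULT_RULE = (r".*", "$0,ou=People,dc=example,dc=com")
SEARCH_RESULT_RULE = (r"^((.+),)?ou=People,dc=example,dc=com$", "$2")


def apply_rule(rule, value):
    """Apply one rule a single time (hypothetical helper, models ':@').

    Assumption: "$n" is submatch n and "$0" the whole match; a group that
    did not take part in the match expands to the empty string.
    """
    pattern, subst = rule
    match = re.search(pattern, value)
    if match is None:
        return value  # no match: the value passes through unchanged
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))) or "", subst)


def to_backend(dn):
    """Client-supplied DN -> DN sent to the real database (default context)."""
    return apply_rule(DEFAULT_RULE, dn)


def to_client(dn):
    """DN returned by the real database -> DN shown to the client."""
    return apply_rule(SEARCH_RESULT_RULE, dn)


if __name__ == "__main__":
    # Constructed sample DNs; only "uid=foo" forms appear in the message.
    for dn in ("uid=foo", "uid=foo,ou=People,dc=example,dc=com"):
        print("to backend:", repr(dn), "->", repr(to_backend(dn)))
    for dn in ("uid=foo,ou=People,dc=example,dc=com",
               "ou=People,dc=example,dc=com",
               "cn=admin,dc=example,dc=com"):
        print("to client: ", repr(dn), "->", repr(to_client(dn)))
```

The ".*" rule is unconditional, so a client that sends an already complete
DN gets the suffix appended a second time; entries outside ou=People come
back from searches with their full DN.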
