Thanks for your help, everyone. Given the lack of SASL support, I think this is looking more and more like a job for our support folks. Education and scripting could get everyone configured correctly.
The config hack could work, but I'm unsure how well we'd be able to support it in a production environment at the moment. I'm definitely filing it away for later use, though. :)

Thanks!
Sean

On 10/8/05, Pierangelo Masarati <[EMAIL PROTECTED]> wrote:
> Given Quanah's comment on SASL availability in most mail clients, and
> keeping in mind that this __IS__ a hack (and a gross one...) you could
> do something like
>
> database bdb
> suffix dc=example,dc=com
> # ...
>
> database ldap
> suffix ""
> uri ldap://localhost:9011
> rewriteEngine on
> rewriteContext default
> rewriteRule ".*" "$0,ou=People,dc=example,dc=com" ":@"
> rewriteContext searchResult
> rewriteRule "^((.+),)?ou=People,dc=example,dc=com$" "$2" ":@"
> # These are required for completeness; "suffixmassage" needs work
> # to accept the empty DN
> rewriteContext searchAttrDN alias searchResult
> rewriteContext matchedDN alias searchResult
> rewriteContext searchFilter
>
> In this case, assuming that your users' DNs are of the type
> "uid=foo,ou=People,dc=example,dc=com" all you need to do is configure
> your clients with "uid=foo"; note the leading "uid=" which makes the
> identity token "foo" comply with DN syntax requirements. In principle,
> you could do even more sophisticated stuff, in case the "uid" is not
> present in the RDN, or user DNs do not all follow the same pattern. See
> slapd-meta(5) (in 2.2; slapo-rwm(5) in 2.3) for details about writing
> the rules.
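
An added example, not part of the original thread and not OpenLDAP code: a string-level Python model of the two rewriteRule lines quoted above, showing what a client-supplied DN becomes on the way to the backend and what comes back. The function names and sample DNs are constructed for illustration; the model assumes a matching rule replaces the whole DN, "$0" is the full match, "$2" the second group, and matching ignores case.

```python
import re

# Simplified model of the two rewriteRule lines quoted above (assumptions:
# whole-DN replacement on match, $0 = full match, $2 = second group,
# case-insensitive matching because the rules carry no 'C' flag).
SUFFIX = "ou=People,dc=example,dc=com"
DEFAULT_RULE = re.compile(r".*", re.IGNORECASE)
RESULT_RULE = re.compile(r"^((.+),)?ou=People,dc=example,dc=com$", re.IGNORECASE)


def rewrite_default(dn: str) -> str:
    """rewriteContext default: '.*' -> '$0,ou=People,dc=example,dc=com'."""
    m = DEFAULT_RULE.fullmatch(dn)
    if m is None:
        return dn  # no match: DN passes through unchanged
    return f"{m.group(0)},{SUFFIX}"


def rewrite_search_result(dn: str) -> str:
    """rewriteContext searchResult: strip the suffix, keep group $2."""
    m = RESULT_RULE.match(dn)
    if m is None:
        return dn  # DN outside ou=People is returned as-is
    return m.group(2) or ""  # base entry itself maps to the empty DN


def review(client_dns):
    """Return (client DN, DN sent to backend, DN handed back) per input."""
    rows = []
    for dn in client_dns:
        backend = rewrite_default(dn)
        rows.append((dn, backend, rewrite_search_result(backend)))
    return rows


# Constructed sample inputs: the intended short form, and a client that
# was (mis)configured with the full DN.
SAMPLES = ["uid=foo", "uid=foo,ou=People,dc=example,dc=com"]

if __name__ == "__main__":
    for client, backend, returned in review(SAMPLES):
        print(f"client  : {client}\nbackend : {backend}\nreturned: {returned}\n")
```

In this model a client configured with the full DN has the suffix appended a second time on the way to the backend, which is the kind of misconfiguration a support script would want to check for.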
