Hello,

I need to bind sometimes with a username that is not in DN format.   I have 
tried to use authz-regexp to translate it but I am not successful.

I have created a few entries and I can authenticate with the Manager DN.   I 
can also authenticate with other entries when I explicitly use a DN, but when I 
use something that does not start with "dn=", it fails.

I have this entry that I want to use for authentication:
dn: [email protected],dc=old-domain,dc=Com
cn: [email protected]
sn: [email protected]
objectClass: person
userPassword: {hidden}

When I use the full DN as an argument of the -D option of ldapsearch it works.

I have this in slapd.conf:
        authz-regexp    uid=([^,]*).*,cn=auth   cn=$1,dc=old-domain,dc=Com

When I run:
        slapauth [email protected]
I see:
        ID: <[email protected]> check succeeded
        authcID:     <[email protected],dc=old-domain,dc=com>
So it looks like it can translate.

But when I try to use:
        ldapsearch -x [email protected] ...
I get:
        ldap_bind: Invalid DN syntax (34)
        additional info: invalid DN

I have a system that sends the "service account" for user searches in this 
format, i.e. not a DN.  I can't change the client.

Does anyone have any ideas why SLAPD does not translate?  Or do I need to turn 
on an "allow non-DNs" switch?
Or is it actually the ldapsearch command that is complaining?  If the latter, 
is there a way to test?

Gary
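An added example, not from Gary's post or from the OpenLDAP project: a small Python model of the two paths a bind identity takes in slapd, so the slapauth result and the ldapsearch error above can be seen side by side. It uses the authz-regexp line from the post and constructed identities (svc@example.com); slapd applies authz-regexp to the SASL authentication identity, which has the form uid=<user>,cn=<realm>,cn=<mech>,cn=auth, while a simple bind (-x with -D) must already supply a DN, which is what result code 34 reports. The DN syntax check here is deliberately loose (comma-separated attr=value components, not full RFC 4514).

```python
"""Model of how slapd treats a bind identity on the simple and SASL paths.

Constructed example. The regexp rule is the one from the slapd.conf line in
the post; svc@example.com and the realm/mechanism names are made-up values.
"""
import re

# authz-regexp rule from the post: (match pattern, replacement with $N groups)
AUTHZ_REGEXP = [
    (r"uid=([^,]*).*,cn=auth", "cn=$1,dc=old-domain,dc=Com"),
]

# Loose RDN shape: attribute type (name or OID) "=" a non-empty value.
_RDN = re.compile(r"^[A-Za-z0-9.-]+=[^,]+$")


def is_dn_syntax(s):
    """Loose DN check: every unescaped-comma-separated part is attr=value."""
    if not s:
        return False
    parts = re.split(r"(?<!\\),", s)  # split on commas that are not escaped
    return all(_RDN.match(part.strip()) for part in parts)


def sasl_authc_id(user, mech="DIGEST-MD5", realm=None):
    """Identity string slapd forms for a SASL bind (assumed shape, realm optional)."""
    if realm:
        return f"uid={user},cn={realm},cn={mech},cn=auth"
    return f"uid={user},cn={mech},cn=auth"


def apply_authz_regexp(authc_id, rules=AUTHZ_REGEXP):
    """Rewrite authc_id with the first matching rule; None if no rule matches."""
    for pattern, target in rules:
        m = re.search(pattern, authc_id)
        if m:
            # Expand $1..$9 from the capture groups, as slapd does for its targets
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), target)
    return None


def classify_bind(identity, sasl):
    """Return (outcome, effective_dn) for a bind attempt.

    simple bind: the identity is taken as a DN and is never rewritten;
                 a non-DN yields invalidDNSyntax (the "34" seen with ldapsearch -x).
    SASL bind:   the identity is the authcID and passes through authz-regexp;
                 this is the path slapauth exercises.
    """
    if not sasl:
        if is_dn_syntax(identity):
            return ("ok", identity)
        return ("invalidDNSyntax", None)
    mapped = apply_authz_regexp(identity)
    if mapped is None:
        return ("nomatch", identity)  # slapd keeps the authcID as-is
    return ("ok", mapped)


if __name__ == "__main__":
    user = "svc@example.com"  # constructed, stands in for the post's account
    print("simple bind with bare username:", classify_bind(user, sasl=False))
    print("simple bind with full DN:      ",
          classify_bind(f"cn={user},dc=old-domain,dc=Com", sasl=False))
    print("SASL bind, authz-regexp path:  ",
          classify_bind(sasl_authc_id(user), sasl=True))
```

Running it prints the same split the post observed: the bare username is rejected on the simple path before any mapping runs, while the SASL-form identity is rewritten to cn=svc@example.com,dc=old-domain,dc=Com.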
