I am not using SASL because the client software does not.   It uses simple 
authentication yet it logs into AD using a non-DN user.

I tested with a translation from the user@domain format and that did not get 
past slapauth.  But I then saw something about these being handled like 
uid=...,cn=auth.   When I changed to that as the regex, it worked on slapauth, 
but not slapd.

Is there any way to get OpenLDAP to accept a non-DN name with simple auth?   It 
seems to be rejecting the user before any sort of translation.

I also tried "authid-rewriteContext binddn" and "authid-rewriterule" hoping it 
was early enough in the process.

I can use simple auth with user@domain when authenticating to AD.
I can use simple auth with user@domain when authenticating to 389 Directory 
Server.
But I can't use either of those because I need to proxy to AD while translating 
from the old domain name to the new domain name.  389 DS does not do proxies.

Is there a way to have slapd accept simple authentication but use SASL under 
the hood to get translations to work?

Gary
