Hi all, I am refering to
http://www.openldap.org/doc/admin23/sasl.html#SASL%20Authentication It says: [QUOTE] 11.2.4. Mapping Authentication Identities The authentication mechanism in the slapd server will use SASL library calls to obtain the authenticated user's "username", based on whatever underlying authentication mechanism was used. This username is in the namespace of the authentication mechanism, and not in the normal LDAP namespace. As stated in the sections above, that username is reformatted into an authentication request DN of the form uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth or uid=<username>,cn=<mechanism>,cn=auth depending on whether or not <mechanism> employs the concept of "realms". Note also that the realm part will be omitted if the default realm was used in the authentication. [/QUOTE] Wouldn't this mean in other words that if I do not configure anything special (basically using the example configuration file for slapd.conf that comes with the distribution) and I would try to login as "foo" it should go and search for an entry with the DN uid=foo,cn=XXX,cn=auth in the database? Instead I get an error message that binding is not even tried because "foo" is not a syntactically correct DN. What did I miss? Regards, Torsten
