On Fri, 2006-01-20 at 16:16 -0600, Eric Irrgang wrote:
> I already have my target directory set up that way but I don't know how to
> do identity assertion from a regular ldap client without using SASL. Is
> there a way? For instance, the following fails with "ldapsearch: not
> compiled with SASL support"
>
> ldapsearch -x -W -D cn=authorizeduser,dc=test -X cn=config,dc=test

No. The message seems to indicate that your client doesn't have SASL
compiled in, but in any case the -x prevents it from doing a SASL bind,
so you should use something different. But, as I said before,
authorization and SASL are orthogonal. Without mucking with SASL, you
can use:

    ldapsearch -x -W -D cn=authorizeduser,dc=test \
        -e '!authzid=dn:cn=config,dc=test'

this causes the tool to use the proxyAuthz control on that operation
(the '!' is because the control MUST be critical).

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: [EMAIL PROTECTED]
------------------------------------------
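
What the `-e '!authzid=...'` option in the reply above puts on the wire, as an added example that is not part of the original message: the RFC 4370 proxied authorization control, BER-encoded with its criticality flag, plus the check a receiver applies to it. The function names are hypothetical and only the Python standard library is used.

```python
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"  # RFC 4370 control type

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def encode_proxy_authz(authzid, critical=True):
    """Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue }"""
    parts = tlv(0x04, PROXY_AUTHZ_OID)
    if critical:                      # the '!' prefix; FALSE is simply omitted
        parts += tlv(0x01, b"\xff")
    parts += tlv(0x04, authzid.encode("utf-8"))  # value is the bare authzId
    return tlv(0x30, parts)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_control(blob):
    """Return (oid, critical, value) from an encoded Control."""
    tag, body, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("Control must be a SEQUENCE")
    _, oid, pos = read_tlv(body, 0)
    critical, value = False, None     # criticality defaults to FALSE
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x01:
            critical = val != b"\x00"
        elif tag == 0x04:
            value = val.decode("utf-8")
    return oid.decode("ascii"), critical, value

def proxy_authz_acceptable(blob):
    """RFC 4370: a proxyAuthz control that is not critical must be rejected."""
    oid, critical, value = decode_control(blob)
    return oid == PROXY_AUTHZ_OID.decode("ascii") and critical and value is not None
```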