Please share the patch, so we can all take a look at it?

Eero

2016-02-03 21:35 GMT+02:00 Albrecht Dreß <[email protected]>:
> Hi all,
>
> I am not sure if this is the right place for a proposal which would IMHO
> improve the LDAP authentication feature.
>
> The LDAP authentication feature is really cool, but unfortunately it is a
> little limited as the DN must include the user name entered in the
> authentication dialogue, which is typically the user ID (uid). In my
> OpenLDAP installation, the DN contains the CN ("cn=Jack D. Ripper,dc=..."),
> but not the uid. Thus, the "usual" single sign-on is not possible.
>
> A simple solution would be to optionally /search/ LDAP for the dn matching
> "uid=...", and then use the dn returned from the search to bind as password
> verification (I think this is what e.g. Apache does).
>
> Thus, I modified the OpenVAS sources (openvas-libraries-8.0.6) by
> - adding a bool flag to optionally use the 'authdn' config item as search
>   pattern for searching the actual dn,
> - adding a search base config item, and
> - extending the ldap bind procedure by first binding anonymously and
>   searching the dn when requested.
>
> This works just nicely with my OpenLDAP installation which allows an
> anonymous search. If this is not possible (as with AD?), two more config
> items for a search user dn and password could be added easily.
>
> Opinions? Are you interested in my solution?
>
> Cheers
> Albrecht.
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
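
The search-then-bind scheme proposed in the quoted message places the login name into an LDAP search filter before any password is checked, so the value needs RFC 4515 escaping, and the follow-up bind should only happen for exactly one match and a non-empty password. The following is an added example, not code from the thread or from the OpenVAS sources; the function names are hypothetical and the sample login name is constructed.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515: escape '*', '(', ')' and '\' in a filter value as \XX (hex).
 * Returns 0 on success, -1 if the output buffer is too small. */
static int ldap_filter_escape(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int special = (*p == '*' || *p == '(' || *p == ')' || *p == '\\');
        if (o + (special ? 3 : 1) >= outlen)
            return -1;
        if (!special) { out[o++] = (char)*p; continue; }
        out[o++] = '\\';
        out[o++] = hex[*p >> 4];
        out[o++] = hex[*p & 0x0f];
    }
    out[o] = '\0';
    return 0;
}

/* Build "(attr=<escaped user>)"; attr is assumed to come from trusted
 * configuration, user is the name typed into the login dialogue. */
int build_search_filter(const char *attr, const char *user,
                        char *out, size_t outlen)
{
    char esc[256];
    if (!user || !*user || ldap_filter_escape(user, esc, sizeof esc) != 0)
        return -1;
    int n = snprintf(out, outlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Pick the DN for the verification bind: require a non-empty password (an
 * empty one makes a simple bind "unauthenticated", RFC 4513) and exactly
 * one search hit, so an ambiguous match never authenticates anyone. */
const char *select_bind_dn(const char *const *dns, size_t count,
                           const char *password)
{
    return (password && *password && count == 1) ? dns[0] : NULL;
}

int main(void)
{
    char filter[128]; /* constructed login name with filter metacharacters */
    if (build_search_filter("uid", "*)(uid=*", filter, sizeof filter) == 0)
        printf("%s\n", filter);
    return 0;
}
```

A caller would pass the filter to the directory search under the configured search base and hand the result list to `select_bind_dn` before attempting the password bind.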
