Most LDAP implementations use only the RDN or the uid value.

Looks like:
http://directory.apache.org/apacheds/1.5/21-sasl-authentication-to-apacheds.html
Username is matched to 'uid' under a base DN depending on the SASL mechanism being used.

-jim
Jim Willeke

On Sat, May 21, 2011 at 3:03 AM, Kiran Ayyagari <[email protected]> wrote:
>
> AFAIK using full DN won't work for SASL it requires just the RDN value
> (i.e username/userid)
>
> On Fri, May 20, 2011 at 7:36 AM, Mathias Clerc <[email protected]> wrote:
> > Hello,
> >
> > I have one question but as I am fairly new to LDAP as a whole it may
> > be difficult for you to understand me.
> >
> > My users have the following structure :
> > uid=user,ou=people,ou=division,o=company
> >
> > I have a user "user1" in "division1" and a user "user1" in
> > "division2". Both users are different.
> >
> > When I do a simple login, I can login to whichever I want using the
> > full DN uid=user1,ou=people,ou=division1,o=company or
> > uid=user1,ou=people,ou=division2,o=company
> >
> > To make login easier for the users, I use the following algorithm
> > (idea is from apache DS guide) :
> > 1) login as a special account
> > 2) run a search (&(objectclass=userClass)(uid=username)) with a root
> > at o=company
> > 3) try to connect to each user found, use the first successful login as
> > current login or send an error if it was not possible to log in with
> > any account
> >
> > This works perfectly until I use SASL. When I connect with SASL and a
> > searchBaseDn set to o=company I can not give a full DN or a DN
> > relative to the search base.
> > I can log in by using "user1" id, but the following happens :
> > uid:user1, password:the one for user1 in division1 : failure
> > uid:user1, password:the one for user1 in division2 : success
> >
> > Is it possible to authenticate with SASL using full DN ?
> > Or is it possible to have SASL+LDAP make a distinction between both account
> > ?
> > Or is it possible to have SASL+LDAP try each user found against the
> > password (and not just try one returned randomly) ?
> > Or is my setup broken ?
> >
> > Thank you
> >
> >
>
> --
> Kiran Ayyagari
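
An added example, not part of the original thread or of ApacheDS: because the SASL username is matched to 'uid' under the search base, any uid that occurs more than once under that base maps to an ambiguous identity. The sketch below audits an LDIF export for such collisions; the sample LDIF is constructed from the layout described in the thread, and the function names and the simplified DN comparison (lower-casing, no escaped commas, no base64 or folded lines) are assumptions.

```python
from collections import defaultdict

# Constructed sample data mirroring the thread's directory layout.
SAMPLE_LDIF = """\
dn: uid=user1,ou=people,ou=division1,o=company
uid: user1

dn: uid=user1,ou=people,ou=division2,o=company
uid: user1

dn: uid=user2,ou=people,ou=division1,o=company
uid: user2

dn: uid=user1,ou=people,o=othercompany
uid: user1
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles plain 'attr: value' lines only."""
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if not sep or line.startswith("#"):
                continue
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs[name.lower()].append(value.strip())
        if dn:
            yield dn, attrs

def norm_dn(dn):
    # Simplified normalisation: assumes no escaped commas in RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def ambiguous_uids(ldif_text, base_dn):
    """Return {uid: [DNs]} for uids held by more than one entry under base_dn."""
    base = norm_dn(base_dn)
    by_uid = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        ndn = norm_dn(dn)
        if ndn != base and not ndn.endswith("," + base):
            continue  # entry lies outside the SASL search base
        for uid in attrs.get("uid", []):
            by_uid[uid.lower()].append(ndn)  # uid matching is case-insensitive
    return {u: sorted(d) for u, d in by_uid.items() if len(d) > 1}

if __name__ == "__main__":
    for uid, dns in ambiguous_uids(SAMPLE_LDIF, "o=company").items():
        print(f"ambiguous SASL identity {uid!r}: {dns}")
```

Narrowing the base to a single division (for example `ou=division1,o=company`) makes the same data unambiguous, which is the property to verify before pointing SASL at a given search base.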
