List: openldap-technical
Subject: proxy/backend pointers
From: David LaPorte <david () davidlaporte ! org>
Date: 2017-11-14 14:04:32
Message-ID: 83D6527D-C883-4A24-BED8-83D0DE89BA69 () contoso ! com
Hello,

I've done a bit of research, but having some difficulty determining if my use case is possible. Here's what I'm trying to do:

We have an old unsupported application that authenticates users using an LDAP bind. The credential used for authentication (and what all the internal authorizations are tied to) is employee ID. We are moving to an LDAP directory that uses email address instead of employee ID as the DN - the employee ID is still present as an attribute in the new directory and the password remains the same. Since I can't modify the problematic application, it's not going away anytime soon, and it's the last thing holding up migration to the new directory system, I'm hoping that I can use OpenLDAP as a shim between the application and the new directory to do something like the following:

* Collect credentials (employee_id, password) during bind
* Using a privileged service account, search/bind against the new directory to map employee ID attribute to email address DN (like mod_authz_ldap does it)
* Return the success/failure as result of original bind

I would appreciate any ideas or pointers if this is possible or if there might be a better way.

Thanks in advance!
Dave
David LaPorte
david(a)davidlaporte.org
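
Added example (not part of the original message, and not OpenLDAP code): a sketch of the search-then-bind decision logic the three steps above describe, with the checks a shim needs so that it fails closed. The attribute name `employeeNumber`, the DN layout, the sample entries and the in-memory `search`/`bind` stand-ins for real LDAP operations are all assumptions made for illustration.

```python
import hmac
import re

# Constructed sample entries (DN -> attributes); cleartext passwords exist
# only because this dict is an in-memory stand-in for the new directory.
DIRECTORY = {
    "mail=alice@example.com,ou=people,dc=example,dc=com":
        {"employeeNumber": "10042", "userPassword": "correct horse"},
    "mail=bob@example.com,ou=people,dc=example,dc=com":
        {"employeeNumber": "10043", "userPassword": "battery staple"},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(part):
    # Turn a backslash followed by two hex digits back into the literal char.
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), part)

def search(ldap_filter):
    """Stand-in for the service account's search: (attr=value), '*' wildcard."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S).groups()
    # An unescaped '*' is a wildcard; escaped sequences are literal text.
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    rx = re.compile(".*".join(parts), re.S)
    return [dn for dn, e in DIRECTORY.items() if rx.fullmatch(e.get(attr, ""))]

def bind(dn, password):
    """Stand-in for a simple bind as the user against the new directory."""
    stored = DIRECTORY.get(dn, {}).get("userPassword", "")
    return hmac.compare_digest(stored.encode(), password.encode())

def shim_bind(employee_id, password):
    """Search-then-bind: map employee ID to the e-mail DN, then bind as it."""
    # An empty password turns a simple bind into an "unauthenticated" bind
    # (RFC 4513), which some servers report as success; reject it up front.
    if not employee_id or not password:
        return False
    matches = search("(employeeNumber=%s)" % escape_filter_value(employee_id))
    # Zero matches: unknown user. More than one: ambiguous, so fail closed.
    if len(matches) != 1:
        return False
    return bind(matches[0], password)
```

Without the escaping step, an employee ID of `10042*` would act as a wildcard in the service account's search and still resolve to a single entry.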