#1532 SASL authenticator
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by edewata.

The UidPwdDirAuthentication allows Dogtag to authenticate users using UID and password against an LDAP server. However, currently the authenticator has to map the UID into a DN by doing an additional search operation before it can do a bind operation.

The search operation can be done anonymously, but that will require the LDAP server to accept anonymous connections.

The search can also be done as an authenticated user, but that will require setting up an additional user account with sufficient permissions for the search operation, and an additional bind operation before the search. It will also require Dogtag to store the password in a configuration file.

Another option is to use a SASL mechanism to map the UID to a DN on the server side:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SASL.html

This way it's no longer necessary to perform an additional search operation or to store the LDAP password in Dogtag.

Proposed milestone: 10.3
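
The server-side mapping the description refers to can be pictured as a Directory Server SASL identity mapping entry. This is an added example, not taken from the ticket or from Dogtag's code; the entry name `dogtag-uid-map`, the suffix `dc=example,dc=com` and the `ou=People` container are assumptions.

```ldif
# Added example (not from the ticket): SASL identity mapping in Directory Server.
# Assumed names: cn=dogtag-uid-map, ou=People,dc=example,dc=com.
#
# With this entry the server turns the SASL user name sent in the bind
# into a DN itself, so the client needs neither an anonymous search nor
# a stored service-account password to find the user's entry.
dn: cn=dogtag-uid-map,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: dogtag-uid-map
# Capture the whole SASL user name as \1.
nsSaslMapRegexString: \(.*\)
# Subtree under which the server looks for the user (assumed container).
nsSaslMapBaseDNTemplate: ou=People,dc=example,dc=com
# The search must match exactly one entry; zero or several matches make
# the bind fail, so the attribute used here has to be unique in that subtree.
nsSaslMapFilterTemplate: (uid=\1)
```

A SASL mechanism that sends the password itself, such as PLAIN, should only be used over a TLS-protected connection.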


Per CS/DS Meeting of 08/03/2015: 10.3

Metadata Update from @edewata:
- Issue set to the milestone: UNTRIAGED

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2091

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
