Hi Rob,
Thanks for your reply.
The front end is the RedHat Identity Management portal (on Apache HTTP server).
After I enter 'Username' and 'Password', I see that the server performs various searches like searches username@domain.com and uid=username,<FQDN>.
If the user is found my bind pre-op plugin is called with a user DN (SIMPLE BIND ).
If the user is not found, then my pre-op BIND plugin is called, ... but with an empty dn value.
What I am looking for is to get the value of the username in the plugin, even if the user is not found in FreeIPA.
I am not sure if SASL interferes with this process of invoking the pre-op BIND plugin, maybe it's irrelevant..
I see entries in the access log as : " conn=393 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI".
My main problem is that when the user value provided via the front end is not found in Free IPA, I can not get that username, entered in the Front Portal, in my pre-op BIND plugin.
Is it possible to get the username entered in the Front end (even if it does not correspond to a valid user) to be captured via a custom plugin?
Maybe not with the BIND pre-op Plugin but with a different type of plugin?
Any tips, suggestions are very much appreciated.
Thanks,
Elena.
Rob Crittenden ---06/17/2019 03:09:37 PM---Elena Fedorov via FreeIPA-users wrote: > Hello,
From: Rob Crittenden <rcritten@redhat.com>
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Elena Fedorov <Elena.Fedorov@ca.ibm.com>
Date: 06/17/2019 03:09 PM
Subject: [EXTERNAL] Re: [Freeipa-users] Get username and password via bind preop plugin in FreeIPA