
Re: Bug in LDAP_CONTROL_PROXY_AUTHZ (ITS#2871)



On Thu, 11 Dec 2003, Pierangelo Masarati wrote:

>
> > Full_Name: Igor Brezac
> > Version: 2.1.25
> > OS: Solaris 9
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (209.170.142.3)
> >
> >
> > LDAP_CONTROL_PROXY_AUTHZ does not set mech which may create problems for
> > some sasl configurations.  Here is my example.
> >
> > sasl-regexp     uid=(.*),cn=(.*),cn=(.*),cn=auth
> >             associateddomain=$2+cn=$1,ou=people,o=pb
> >
> > sasl-regexp     uid=(.*),cn=(.*),cn=auth
> >             cn=$1,ou=people,ou=admin,o=pb
>
> This is incorrect; try
>
> sasl-regexp     uid=([^,]+),cn=(.*),cn=auth
>             cn=$1,ou=people,ou=admin,o=pb
>
> because regexp in case of ambiguities chooses
> the largest matches.
>

I tried, but it does not make any difference.

>
> >
> > If the first sasl-regexp is not present, the second one would fail as
> > well.
> >
> > ==>slap_sasl2dn: converting SASL name uid=igor,cn=ipass.net,cn=auth to a

I expected this to be uid=igor,cn=ipass.net,cn=<mech>,cn=auth

-Igor

> > DN slap_sasl_regexp: converting SASL name uid=igor,cn=ipass.net,cn=auth
> > slap_sasl_regexp: converted SASL name to cn=igor,ou=people,ou=admin,o=pb
> >
> > I expected something like (from ldapwhoami cmd tool):
> >
> > <<< dnNormalize: <uid=pino,cn=ipass.net,cn=digest-md5,cn=auth>
> > ==>slap_sasl2dn: converting SASL name
> > uid=igor,cn=ipass.net,cn=digest-md5,cn=auth to a DN
> > slap_sasl_regexp: converting SASL name
> > uid=igor,cn=ipass.net,cn=digest-md5,cn=auth
> > slap_sasl_regexp: converted SASL name to
> > associateddomain=ipass.net+cn=igor,ou=people,o=pb
>
>
>

-- 
Igor
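
The rule ordering discussed in this thread, replayed as an added example that is not part of the original messages or of OpenLDAP's code: it applies the two sasl-regexp rules from the report, and the variant suggested in the reply, to the SASL name with and without the mechanism component. Assumptions: `map_sasl_name` is a hypothetical helper, Python's `re` stands in for slapd's regex matching (unanchored, case-insensitive, first matching rule wins), and DN normalization is ignored.

```python
import re

# Rules copied from the report, in slapd.conf order.
RULES_REPORTED = [
    (r"uid=(.*),cn=(.*),cn=(.*),cn=auth",
     "associateddomain=$2+cn=$1,ou=people,o=pb"),
    (r"uid=(.*),cn=(.*),cn=auth",
     "cn=$1,ou=people,ou=admin,o=pb"),
]

# Same rules with the second pattern changed as suggested in the reply.
RULES_SUGGESTED = [
    RULES_REPORTED[0],
    (r"uid=([^,]+),cn=(.*),cn=auth",
     "cn=$1,ou=people,ou=admin,o=pb"),
]

# SASL names taken from the log lines quoted in the thread.
WITH_MECH = "uid=igor,cn=ipass.net,cn=digest-md5,cn=auth"
WITHOUT_MECH = "uid=igor,cn=ipass.net,cn=auth"


def map_sasl_name(name, rules):
    """Return the DN produced by the first rule that matches, else None.

    Hypothetical helper: approximates slapd's behaviour with Python's re
    (assumption: unanchored search, case-insensitive, first match wins).
    """
    for pattern, template in rules:
        m = re.search(pattern, name, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the replacement from the captured groups.
            return re.sub(r"\$(\d)",
                          lambda ref: m.group(int(ref.group(1))),
                          template)
    return None


if __name__ == "__main__":
    for label, rules in (("reported", RULES_REPORTED),
                         ("suggested", RULES_SUGGESTED)):
        for name in (WITH_MECH, WITHOUT_MECH):
            print(f"{label:9} {name:45} -> {map_sasl_name(name, rules)}")
```

Under both rule sets the name without the mechanism component skips the first rule and lands on the `ou=admin` mapping, so the same user resolves to a different DN depending on which form of the name slapd builds.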