[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3396) slapd crash during SASL Canonicalize
>> sasl-secprops none
>> sasl-realm "CEDAR.UTA.EDU"
>> sasl-host husky.cedar.uta.edu
>> sasl-regexp uid=service/nss/(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
>> ldaps:///cn=$1,cn=nss,cn=services,dc=uta,dc=edu
>> sasl-regexp uid=service/(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
>> ldaps:///cn=$1,cn=services,dc=uta,dc=edu
>> sasl-regexp uid=(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
>> ldaps:///uid=$1,cn=accounts,dc=uta,dc=edu
>
> I think I've found the problem, which could be related to a bug in authz
> mapping in slapd. I'll fix it in a moment in HEAD; but it can be easily
> worked around by changing your sasl-regexp directives. Please try the
> following and report the result:
>
> sasl-regexp "^uid=service/nss/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "dn:cn=$1,cn=nss,cn=services,dc=uta,dc=edu"
> sasl-regexp "^uid=service/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "dn:cn=$1,cn=services,dc=uta,dc=edu"
> sasl-regexp "^uid=(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "dn:uid=$1,cn=accounts,dc=uta,dc=edu"
Or, if for any reason you want the internal search to occur, use a
complete filter definition in the URIs, i.e. something like
sasl-regexp "^uid=service/nss/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
"ldap:///cn=$1,cn=nss,cn=services,dc=uta,dc=edu??base?(objectClass=*)"
sasl-regexp "^uid=service/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
"ldap:///cn=$1,cn=services,dc=uta,dc=edu??base?(objectClass=*)"
sasl-regexp "^uid=(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
"ldap:///uid=$1,cn=accounts,dc=uta,dc=edu??base?(objectClass=*)"
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497