
RE: Trying to get the ldapdb plugin working.



You need to use cyrus-imapd 2.2 for this to work.  The domain part may be
passed to the auxprop as a realm, however Howard's auxprop does not do anything
with realms.

-Igor

On Thu, 9 Oct 2003, Tarjei Huse wrote:

> Hi,
> Thanks for the input. I got another question.
>
> I got multivalue uids that all have the form username_domain_com and
> username@domain.com.
>
> When I try to use these values it seems that the _domain_com part is
> removed from the userid. Here's from the log:
>
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: getdn: u:id converted to
> uid=auxprop,cn=DIGEST-MD5,cn=auth
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: >>> dnNormalize:
> <uid=auxprop,cn=DIGEST-MD5,cn=auth>
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: <<< dnNormalize:
> <uid=auxprop,cn=digest-md5,cn=auth>
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: ==>slap_sasl2dn: converting
> SASL name uid=auxprop,cn=digest-md5,cn=auth to a DN
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp:
> converting SASL name uid=auxprop,cn=digest-md5,cn=auth
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp: converted
> SASL name to ldap://o=ispman??sub?uid=auxprop
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_parseURI: parsing
> ldap://o=ispman??sub?uid=auxprop
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: <==slap_sasl2dn: Converted
> SASL name to <nothing>
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
> authcDN="uid=auxprop,cn=digest-md5,cn=auth"
> Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
> authzid="u:tarjei"
>
>
>
>
> I now got the following sasl_regexes:
> sasl-regexp
>     uid=(.*),cn=(.+),cn=digest-md5,cn=auth
>         uid=$1,ou=users,ispmanDomain=$2,o=ispman
>
> sasl-regexp
>     uid=(.*),cn=digest-md5,cn=auth ldap://o=ispman??sub?uid=$1
>
> The command I run against imtest is:
> imtest -v  -u tarjei@nu.no  localhost
> or
> imtest -v  -u tarjei_nu_no  localhost
>
> Any ideas? It seems to me that the domainpart of the uids is ripped away
> somewhere.
>
> Tarjei
>
> > These are not valid sasl-regexp directives. The second part must contain only
> > constant text or "$X" string replacements, not pattern specifiers "(.+)".
> > Most likely you need to use a search specifier instead of a fixed pattern:
> >
> >   sasl-regexp uid=(.+),cn=DIGEST-MD5,cn=auth
> >     ldap:///o=ispman??sub?uid=$1
> >
> > The second pattern may be better as
> >
> >   sasl-regexp uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth
> >     uid=$1,ou=users,ispmanDomain=$2,o=ispman
> >
> > And of course you should exchange the order; the most specific rule must be
> > listed first in order for it to ever be matched.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
>
>

-- 
Igor
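
The rule-ordering point in Howard's quoted advice, shown as an added example (not part of the original thread and not OpenLDAP code). It is a simplified model that assumes slapd tries the sasl-regexp rules in the order listed, uses the first pattern that matches, and matches case-insensitively; Python's re stands in for POSIX regex, and the SASL names with and without a realm are constructed samples.

```python
import re

# Rules taken from the thread: (match pattern, replacement template).
GENERIC = (r"uid=(.+),cn=digest-md5,cn=auth",
           "ldap:///o=ispman??sub?uid=$1")
REALM = (r"uid=(.+),cn=(.+),cn=digest-md5,cn=auth",
         "uid=$1,ou=users,ispmanDomain=$2,o=ispman")

GENERIC_FIRST = [GENERIC, REALM]    # generic rule listed first
SPECIFIC_FIRST = [REALM, GENERIC]   # order Howard recommends

# Constructed SASL names (normalized form, as in the slapd log).
WITH_REALM = "uid=tarjei,cn=nu.no,cn=digest-md5,cn=auth"
NO_REALM = "uid=tarjei,cn=digest-md5,cn=auth"


def map_sasl_name(rules, sasl_dn):
    """Return the rewritten name from the first matching rule, else None.

    Assumption of this model: first match wins, no fall-through.
    """
    for pattern, template in rules:
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m:
            # Substitute $1..$9 with the captured groups.
            return re.sub(r"\$(\d)",
                          lambda d: m.group(int(d.group(1))),
                          template)
    return None


if __name__ == "__main__":
    for label, rules in (("generic first", GENERIC_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        for dn in (WITH_REALM, NO_REALM):
            print(f"{label:15} {dn}\n    -> {map_sasl_name(rules, dn)}")
```

With the generic rule first, the greedy (.+) swallows "tarjei,cn=nu.no" into the search filter and the realm rule is never consulted; with the specific rule first, the realm lands in ispmanDomain and realm-less names still fall through to the search rule.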