
RE: Trying to get the ldapdb plugin working.



On Thu, 2003-10-09 at 14:51, Igor Brezac wrote:
> You need to use cyrus-imapd 2.2 for this to work.  The domain part may be
> passed to the auxprop as a realm, however Howard's auxprop does not do anything
> with realms.
So virtual domains with user@domain.com ids will not work for now.
Actually, the only problem I'm having with this (or so it seems) is that
the search for the uid user@domain.com gives a dn user_domain_com that
ldapdb doesn't like (it wants user@domain.com,ou=..) but I'm not sure
how to fix that one. 

Anyhow, I got it working now, thanks a lot for your help. I'll try to
write up a document on this quite soon. Again, thanks.

Tarjei

> -Igor
> 
> On Thu, 9 Oct 2003, Tarjei Huse wrote:
> 
> > Hi,
> > Thanks for the input. I got another question.
> >
> > I got multivalue uids that all have the form username_domain_com and
> > username@domain.com.
> >
> > When I try to use these values it seems that the _domain_com part is
> > removed from the userid. Here's from the log:
> >
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: getdn: u:id converted to
> > uid=auxprop,cn=DIGEST-MD5,cn=auth
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: >>> dnNormalize:
> > <uid=auxprop,cn=DIGEST-MD5,cn=auth>
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: <<< dnNormalize:
> > <uid=auxprop,cn=digest-md5,cn=auth>
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: ==>slap_sasl2dn: converting
> > SASL name uid=auxprop,cn=digest-md5,cn=auth to a DN
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp:
> > converting SASL name uid=auxprop,cn=digest-md5,cn=auth
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp: converted
> > SASL name to ldap://o=ispman??sub?uid=auxprop
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_parseURI: parsing
> > ldap://o=ispman??sub?uid=auxprop
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: <==slap_sasl2dn: Converted
> > SASL name to <nothing>
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
> > authcDN="uid=auxprop,cn=digest-md5,cn=auth"
> > Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
> > authzid="u:tarjei"
> >
> >
> >
> >
> > I now got the following sasl_regexes:
> > sasl-regexp
> >     uid=(.*),cn=(.+),cn=digest-md5,cn=auth
> >         uid=$1,ou=users,ispmanDomain=$2,o=ispman
> >
> > sasl-regexp
> >     uid=(.*),cn=digest-md5,cn=auth ldap://o=ispman??sub?uid=$1
> >
> > The command I run against imtest is:
> > imtest -v  -u tarjei@nu.no  localhost
> > or
> > imtest -v  -u tarjei_nu_no  localhost
> >
> > Any ideas? It seems to me that the domainpart of the uids is ripped away
> > somewhere.
> >
> > Tarjei
> >
> > > These are not valid sasl-regexp directives. The second part must contain only
> > > constant text or "$X" string replacements, not pattern specifiers "(.+)".
> > > Most likely you need to use a search specifier instead of a fixed pattern:
> > >
> > >   sasl-regexp uid=(.+),cn=DIGEST-MD5,cn=auth
> > >     ldap:///o=ispman??sub?uid=$1
> > >
> > > The second pattern may be better as
> > >
> > >   sasl-regexp uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth
> > >     uid=$1,ou=users,ispmanDomain=$2,o=ispman
> > >
> > > And of course you should exchange the order; the most specific rule must be
> > > listed first in order for it to ever be matched.
> > >
> > >   -- Howard Chu
> > >   Chief Architect, Symas Corp.       Director, Highland Sun
> > >   http://www.symas.com               http://highlandsun.com/hyc
> > >   Symas: Premier OpenSource Development and Support
> > >
> >
> >
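
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the first-match rule processing Howard Chu describes, run over his two sasl-regexp rules in both orders. The case-insensitive, unanchored matching and the two sample SASL names are assumptions of this sketch.

```python
import re

# Rules from Howard Chu's reply, in the order he recommends (most specific first).
SPECIFIC = (r"uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth",
            "uid=$1,ou=users,ispmanDomain=$2,o=ispman")
GENERIC = (r"uid=(.+),cn=DIGEST-MD5,cn=auth",
           "ldap:///o=ispman??sub?uid=$1")


def map_sasl_name(authc_dn, rules):
    """Return (rule_index, rewritten_name) for the first matching rule, else None.

    Simplified model (assumption): case-insensitive, unanchored match; the
    output is the replacement template with $N filled from capture groups.
    """
    for index, (pattern, template) in enumerate(rules):
        match = re.search(pattern, authc_dn, re.IGNORECASE)
        if match:
            rewritten = re.sub(r"\$(\d)",
                               lambda ref: match.group(int(ref.group(1))),
                               template)
            return index, rewritten
    return None


# Constructed sample names, in the normalized form slapd logs above.
WITH_REALM = "uid=tarjei,cn=nu.no,cn=digest-md5,cn=auth"
NO_REALM = "uid=tarjei,cn=digest-md5,cn=auth"

if __name__ == "__main__":
    for label, rules in (("specific first", [SPECIFIC, GENERIC]),
                         ("generic first", [GENERIC, SPECIFIC])):
        for name in (WITH_REALM, NO_REALM):
            print(f"{label:15} {name} -> {map_sasl_name(name, rules)}")
```

With the generic rule listed first, the realm component is swallowed into $1 and the search filter becomes uid=tarjei,cn=nu.no, so the realm-aware rule is never reached.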