RE: sasl UID mapping
On Sun, 11 Jan 2004, Howard Chu wrote:
> What OpenLDAP 2.0 documentation did you read that told you to do this?
> sasl-regexp is not part of OpenLDAP 2.0, it was introduced in OpenLDAP 2.1.
> There is no SASL id mapping in 2.0. If you actually read the documentation
> that was included in your distro you'd notice it is conspicuously absent.
Ok, I've upgraded to 2.1, and still do not seem to have SASL DN
remapping working:
Jan 18 01:55:46 hibernia slapd[5781]: <= ldbm_back_group:
"uid=paul,cn=jakma.org,cn=gssapi,cn=auth" not in
"cn=ldapadmins,ou=ldapgroups,dc=jakma,dc=org": member
Here is what I have in the global section of my slapd.conf:
sasl-regexp
        uid=(.*),cn=(.*),cn=gssapi,cn=auth
        ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2
sasl-regexp
        uid=(.*),cn=gssapi,cn=auth
        ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org
I have tried specifying dn in the attr part of the URI, but no
difference. The query itself for krbname=paul@jakma.org should work:
[paul@fogarty gpe-irc]$ ldapsearch -s one -b ou=people,dc=jakma,dc=org \
        krbname=paul@jakma.org dn
SASL/GSSAPI authentication started
SASL username: paul@JAKMA.ORG
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=jakma,dc=org> with scope one
# filter: krbname=paul@jakma.org
# requesting: dn
#
# paul, People, jakma.org
dn: uid=paul,ou=People,dc=jakma,dc=org
# search result
search: 5
result: 0 Success
# numResponses: 2
# numEntries: 1
What am I doing wrong??
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam@dishone.st
Fortune:
Never tell people how to do things. Tell them WHAT to do and they will
surprise you with their ingenuity.
-- Gen. George S. Patton, Jr.
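
Added example, not part of the original message: a Python model of how the two sasl-regexp rules quoted above rewrite the SASL DN from the log line into a search URL, and of what the greedy (.*) captures when only the second rule is present. It assumes the first matching rule wins in file order and uses Python's re in place of slapd's POSIX regex; the function names and the [^,]* variant are hypothetical and not taken from the message.

```python
import re

# Constructed from the slapd.conf excerpt in the message: (pattern, URL template), file order.
RULES = [
    (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2"),
    (r"uid=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org"),
]

# Constructed variant (not from the message): [^,]* keeps each capture inside one RDN.
STRICT_RULES = [(p.replace("(.*)", "([^,]*)"), t) for p, t in RULES]

# SASL DN exactly as it appears in the slapd log line in the message.
LOG_DN = "uid=paul,cn=jakma.org,cn=gssapi,cn=auth"


def expand(template, match):
    """Replace $1..$9 in the URL template with the captured groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def map_sasl_dn(sasl_dn, rules=RULES):
    """Apply the first matching rule; return the search it produces, or None."""
    for index, (pattern, template) in enumerate(rules):
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m is None:
            continue
        url = expand(template, m)
        # LDAP URL layout: ldap:///base?attrs?scope?filter
        base, attrs, scope, filt = url[len("ldap:///"):].split("?", 3)
        return {"rule": index, "base": base, "attrs": attrs,
                "scope": scope, "filter": filt}
    return None


if __name__ == "__main__":
    print("both rules      :", map_sasl_dn(LOG_DN))
    print("2nd rule, greedy:", map_sasl_dn(LOG_DN, RULES[1:]))
    print("2nd rule, strict:", map_sasl_dn(LOG_DN, STRICT_RULES[1:]))
    print("no realm, strict:", map_sasl_dn("uid=paul,cn=gssapi,cn=auth", STRICT_RULES))
```

The search that comes out of the first rule must then return exactly one entry for slapd to use its DN as the authorization identity.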