
Re: Fw: Access Control in OpenLDAP 2.1.22



anis writes:
> sasl-regexp
>           uid=(.*),cn=.*,cn=auth
>          id=$1,ou=Users,ou=Appl,o=dzbw,c=de
> 
> sasl-regexp
>           uid=(.*),cn=.*,cn=.*,cn=auth
>           id=$1,ou=Users,ou=Appl,o=dzbw,c=de

Unless OpenLDAP does something strange to regexps, the "(.*)"
in the first regexp matches too much:
With ID "uid=User,cn=Realm,cn=Mechanism,cn=auth" it will match
"User,cn=Realm".  Since you just ignore the realm anyway, I
suggest you replace the two above statements with:

  sasl-regexp  uid=([^,]*),.*  id=$1,ou=Users,ou=Appl,o=dzbw,c=de

("[^xyz]" matches any character except x, y and z.)

Hopefully your UIDs have no commas in them.  If they do, you need a lot
more complex regexps.

I don't know if that's all, though.  I've never used SASL on OpenLDAP.

-- 
Hallvard
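
The greedy capture described in the message above, worked through as an added example that is not part of the original post. Python's `re` stands in for the regex matching slapd performs; the unanchored search, the first-match-wins rule order, the helper name `map_identity`, and the sample IDs other than the one quoted in the message are assumptions made for illustration.

```python
import re

# Rules as (pattern, replacement) pairs, copied from the thread.
ORIGINAL_RULES = [
    (r"uid=(.*),cn=.*,cn=auth", "id=$1,ou=Users,ou=Appl,o=dzbw,c=de"),
    (r"uid=(.*),cn=.*,cn=.*,cn=auth", "id=$1,ou=Users,ou=Appl,o=dzbw,c=de"),
]
SUGGESTED_RULES = [
    (r"uid=([^,]*),.*", "id=$1,ou=Users,ou=Appl,o=dzbw,c=de"),
]


def map_identity(sasl_id, rules):
    """Return the DN produced by the first matching rule, or None.

    Assumption: rules are tried in order and the first match wins.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_id)
        if m:
            dn = replacement
            for i, group in enumerate(m.groups(), start=1):
                dn = dn.replace(f"${i}", group)
            return dn
    return None


# Sample SASL identities. The first is the one from the message; the
# other two are constructed for this example.
SAMPLES = [
    "uid=User,cn=Realm,cn=Mechanism,cn=auth",  # realm present
    "uid=User,cn=Mechanism,cn=auth",           # no realm
    "uid=a,b,cn=Mechanism,cn=auth",            # comma inside the UID
]

if __name__ == "__main__":
    for sasl_id in SAMPLES:
        print(sasl_id)
        print("  original :", map_identity(sasl_id, ORIGINAL_RULES))
        print("  suggested:", map_identity(sasl_id, SUGGESTED_RULES))
```

With the realm present, the first original rule matches before the second is ever tried, so the realm leaks into the mapped DN and ACLs written for `id=User,ou=Users,...` no longer apply to that bind. The third sample shows the caveat about commas: the suggested rule maps `a,b` to `id=a`.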