
Mapping through SASL does not work



Hi all,

I am referring to

http://www.openldap.org/doc/admin23/sasl.html#SASL%20Authentication

It says:

[QUOTE]

11.2.4. Mapping Authentication Identities

The authentication mechanism in the slapd server will use SASL library
calls to obtain the authenticated user's "username", based on whatever
underlying authentication mechanism was used. This username is in the
namespace of the authentication mechanism, and not in the normal LDAP
namespace. As stated in the sections above, that username is reformatted
into an authentication request DN of the form

        uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth

or

        uid=<username>,cn=<mechanism>,cn=auth

depending on whether or not <mechanism> employs the concept of "realms".
Note also that the realm part will be omitted if the default realm was
used in the authentication.

[/QUOTE]

Wouldn't this mean in other words that if I do not configure anything
special (basically using the example configuration file for slapd.conf
that comes with the distribution) and I would try to log in as "foo" it
should go and search for an entry with the DN uid=foo,cn=XXX,cn=auth in
the database?

Instead I get an error message that binding is not even tried because
"foo" is not a syntactically correct DN.

What did I miss?

Regards,
Torsten
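
The identity format quoted in the message above, worked through as an added example (not part of the original post and not OpenLDAP code): it builds the authentication request DN from a SASL username, mechanism and optional realm, and runs a minimal DN syntax check showing that the bare string "foo" is not in DN form while the constructed identity is. The function names and sample values are hypothetical.

```python
import re

def escape_value(value):
    """Backslash-escape characters RFC 4514 treats as special (NUL not handled)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def auth_request_dn(username, mechanism, realm=None, default_realm=None):
    """Build uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth."""
    rdns = ["uid=" + escape_value(username)]
    # Realm RDN only when the mechanism supplied one and it is not the default.
    if realm and realm != default_realm:
        rdns.append("cn=" + escape_value(realm))
    rdns += ["cn=" + escape_value(mechanism), "cn=auth"]
    return ",".join(rdns)

def looks_like_dn(text):
    """Minimal syntax check (not a full RFC 4514 parser): each RDN is type=value."""
    parts, cur, escaped = [], "", False
    for ch in text:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return all(re.match(r"[A-Za-z0-9.-]+=", p.strip()) for p in parts)

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    for user, mech, realm in [("foo", "digest-md5", None),
                              ("foo", "digest-md5", "example.com"),
                              ("smith, j", "digest-md5", None)]:
        dn = auth_request_dn(user, mech, realm)
        print(dn, looks_like_dn(dn))
    print("foo", looks_like_dn("foo"))
```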