auth-regexp with SASL/EXTERNAL



Hi,
I'm testing OpenLDAP-2.4.4alpha.
This is my ~/.ldaprc; please note the URI statement:

,----[ .ldaprc ]
| TLS_REQCERT try 
| TLS_CACERT /home/dieter/certs/kluenterCA.pem
| BASE o=avci,c=de
| URI ldapi://%2Fusr%2Flocal%2Fvar%2Frun%2Fldapi
`----
and this is part of cn=config:

,----[ cn=config ]
| olcAuthzRegexp: {1}"gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn=
|  auth" "ldap:///o=avci,c=de??sub?(&(uidNumber=$2)(gidNumber=$1))"
`----

When doing ldapwhoami I get

,----[ ldapwhoami ]
| :~> ldapwhoami -Yexternal
| SASL/EXTERNAL authentication started
| SASL username: gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
`----

while ldapsearch supplies the correct answer:
,----[ ldapsearch ]
| :~> ldapsearch -LLL -Ydigest-md5 "(&(uidNumber=1000)(gidNumber=100))" dn
| SASL/DIGEST-MD5 authentication started
| Please enter your password: 
| SASL username: dieter
| SASL SSF: 128
| SASL data security layer installed.
| dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
`----

The slapd auth-regexp has not been changed for ages and worked
perfectly until now. What has changed that makes my auth-regexp not
work anymore?

-Dieter
-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
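
To check a mapping like the one in the post offline, the following added example (not from the original message and not OpenLDAP's own code) walks the posted olcAuthzRegexp rule through its steps: regex match, $n substitution, LDAP URL split, and the rule that the search must return exactly one entry or the identity stays the SASL DN. Assumptions: Python's re stands in for slapd's regex engine, URL percent-decoding is skipped, only subtree scope is modelled, and the directory entries are constructed sample data.

```python
import re

# Rule and SASL identity copied from the post; the directory below is constructed.
PATTERN = r"gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn=auth"
REPLACEMENT = "ldap:///o=avci,c=de??sub?(&(uidNumber=$2)(gidNumber=$1))"
SASL_DN = "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth"
DIRECTORY = {  # constructed sample entries
    "cn=Dieter Kluenter,ou=Partner,o=avci,c=de": {"uidNumber": "1000", "gidNumber": "100"},
    "cn=Other User,ou=Partner,o=avci,c=de": {"uidNumber": "1001", "gidNumber": "100"},
}

def rewrite(pattern, replacement, authc_dn):
    """Return the replacement with $n filled in, or None if the rule does not match."""
    # Assumption: Python's re approximates slapd's case-insensitive matching.
    m = re.search(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def parse_ldap_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, filter)."""
    if not url.startswith("ldap:///"):
        raise ValueError("not an ldap:/// URL")
    parts = (url[len("ldap:///"):].split("?") + [""] * 4)[:4]
    base, _attrs, scope, flt = parts
    return base, scope or "base", flt  # LDAP URLs default to base scope

def search(directory, base, flt):
    """Subtree search supporting only equality tests joined by (&...)."""
    tests = re.findall(r"\((\w+)=([^()]*)\)", flt)
    return [dn for dn, attrs in directory.items()
            if dn.lower().endswith(base.lower())
            and all(attrs.get(a) == v for a, v in tests)]

def resolve(authc_dn, directory=DIRECTORY):
    """Map a SASL DN to a directory DN; keep the SASL DN unless exactly one entry matches."""
    target = rewrite(PATTERN, REPLACEMENT, authc_dn)
    if target is None:
        return authc_dn  # rule did not match
    base, _scope, flt = parse_ldap_url(target)
    hits = search(directory, base, flt)
    return hits[0] if len(hits) == 1 else authc_dn  # zero or several hits: no mapping

if __name__ == "__main__":
    print(rewrite(PATTERN, REPLACEMENT, SASL_DN))
    print(resolve(SASL_DN))
```
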