
Re: Preauth error ldap heimdal kerberos



When we apply the mapping setting as shown below:
(sasl regexp)

log_level: -1
pwcheck_method:auxprop saslauthd
mech_list: GSSAPI EXTERNAL LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5
auxprop_plugin: slapd
ldapdb_uri:ldaps://10.0.0.12:636/ ldapi:///
ldapdb_id: cn=M@nSpi,,dc=teipir,dc=gr
ldapdb_pw: {SSHA}I3uStTuu03acS7E/Wp85xNBawCqzvgtY
ldapdb_mech: GSSAPI EXTERNAL
ldapdb_starttls: try


On the ldapwhoami command I get:

SASL/GSSAPI authentication started
SASL username: kadmin/admin@TEIPIR.GR
SASL SSF: 56
SASL data security layer installed.
dn:krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr


On the other hand, without mapping we get:

SASL/GSSAPI authentication started
SASL username: kadmin/admin@TEIPIR.GR
SASL SSF: 56
SASL data security layer installed.
dn:uid=kadmin/admin,cn=gssapi,cn=auth


+

With the ACL set:
access to * by * write
            by * read
            by * auth

1) I get all the time the value gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2) and the uid value remains empty....



1)
acl_get: [1] attr krb5KeyVersionNumber
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: access to entry "krb5PrincipalName=krbtgt/TEIPIR.GR@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "krb5KeyVersionNumber" requested
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)


2)
 => access_allowed: auth access to "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr" "uid" requested
Mar 22 18:27:18 proof slapd[23983]: => acl_get: [1] attr uid
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: access to entry "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "uid" requested
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: to value by "", (=0)
Mar 22 18:27:18 proof slapd[23983]: <= check a_dn_pat: *
Mar 22 18:27:18 proof slapd[23983]: <= acl_mask: [1] applying write(=wrscxd) (stop)
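
Added example (not part of the original message): a short Python parser for the slapd ACL trace lines quoted above. It pairs each acl_mask request with the requesting DN and the ACL clause that was applied, and lists evaluations where an empty DN (which is how slapd records an anonymous session) was given write access, as in trace 2). The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the slapd ACL trace lines quoted in the message above.
SAMPLE_LOG = '''\
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: access to entry "krb5PrincipalName=krbtgt/TEIPIR.GR@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "krb5KeyVersionNumber" requested
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: access to entry "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "uid" requested
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: to value by "", (=0)
Mar 22 18:27:18 proof slapd[23983]: <= check a_dn_pat: *
Mar 22 18:27:18 proof slapd[23983]: <= acl_mask: [1] applying write(=wrscxd) (stop)
'''

# Patterns for the three trace lines of interest; group 1 is always the slapd PID.
ENTRY = re.compile(r'slapd\[(\d+)\]: => acl_mask: access to entry "([^"]*)", attr "([^"]*)" requested')
WHO = re.compile(r'slapd\[(\d+)\]: => acl_mask: to (?:value|all values) by "([^"]*)"')
GRANT = re.compile(r'slapd\[(\d+)\]: <= acl_mask: \[(\d+)\] applying (\w+)\(([^)]*)\)')


def parse_acl_trace(text):
    """Return one record per ACL evaluation: entry, attr, requester DN, applied access."""
    records, pending = [], {}   # pending: latest open evaluation per slapd PID
    for line in text.splitlines():
        if m := ENTRY.search(line):
            rec = {"entry": m.group(2), "attr": m.group(3),
                   "who": None, "clause": None, "access": None}
            pending[m.group(1)] = rec
            records.append(rec)
        elif (m := WHO.search(line)) and m.group(1) in pending:
            pending[m.group(1)]["who"] = m.group(2)
        elif (m := GRANT.search(line)) and m.group(1) in pending:
            pending[m.group(1)].update(clause=int(m.group(2)), access=m.group(3))
    return records


def anonymous_grants(records):
    """Evaluations where an empty (anonymous) DN received write-level access."""
    return [r for r in records if r["who"] == "" and r["access"] in ("write", "manage")]


if __name__ == "__main__":
    for r in parse_acl_trace(SAMPLE_LOG):
        print(repr(r["who"]), "->", r["attr"], "clause", r["clause"], "access", r["access"])
    print("anonymous write grants:", len(anonymous_grants(parse_acl_trace(SAMPLE_LOG))))
```

Records whose access is None are evaluations for which the excerpt contains no "applying" line, as in trace 1).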