
Re: olcAuthzRegexp and SASL



On 06/08/2013 06:42 PM, Brendan Kearney wrote:
Thank you, I figured my syntax was wrong.  Now it seems that I might
have a problem with what I was trying to do.

Does the below olcAuthzRegexp convert the auth request DN to the user's
DN appropriately?

olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com
It depends on the layout of your users' DN.  It makes sense.

If I try to add the above as two separate values (broken apart where the
space [' '] is), it fails with constraint violations.  It seems that I
should not be trying to make this two values, but that it should remain
as a single entry.

Yes, authz-regexp consists of pairs <pattern> <value>.
I am trying to follow the example, which uses slapd.conf syntax, but I
need it in cn=config syntax.  Below is what I am trying to accomplish
for my domain, from the example:

         authz-regexp
           uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
           uid=$1,ou=people,dc=example,dc=com

With that, I think the single value version is what I need.  I added an
olcAuthzRegexp where the realm was omitted, and that was taken.  That is
why I now think the value should stay as one entry.  I now have:

olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com
olcAuthzRegexp: {1}uid=([^,]*),cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com

and I think this should work.  Am I correct?

I think you could also use a single value like this:

olcAuthzRegexp: {0}uid=([^,]*)(,cn=bpk2.com)?,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com


p.
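Added example, not code from the thread or from OpenLDAP itself: a small Python model of how slapd walks the ordered olcAuthzRegexp pairs and rewrites a SASL authentication DN, using the single-value rule with the optional realm suggested above, plus a sanity check on the mapped DN. USERS_BASE, sasl_to_dn, is_sane_user_dn and the sample identities are assumptions, and case-insensitive matching is a modelling simplification.

```python
import re

# Ordered (pattern, replacement) pairs, as slapd reads the olcAuthzRegexp
# values {0}, {1}, ... in order. Constructed from the bpk2.com single-value
# suggestion in the thread; the optional group makes the realm optional.
# Note the unescaped '.' in bpk2.com is kept as the thread wrote it.
AUTHZ_REGEXP = [
    (r"uid=([^,]*)(,cn=bpk2.com)?,cn=gssapi,cn=auth",
     "uid=$1,ou=Users,dc=bpk2,dc=com"),
]

# Assumed: every mapped identity must land directly under this subtree.
USERS_BASE = "ou=Users,dc=bpk2,dc=com"


def sasl_to_dn(authc_dn, rules=AUTHZ_REGEXP):
    """Rewrite a SASL authentication DN with the first matching rule, in
    rule order, the way slapd applies authz-regexp. Returns None when no
    rule matches. Case-insensitive matching is a modelling assumption."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, authc_dn, flags=re.IGNORECASE)
        if m is None:
            continue
        # slapd writes back-references as $1..$9; Python's expand() wants \1..\9
        py_template = re.sub(r"\$(\d)", r"\\\1", replacement)
        return m.expand(py_template)
    return None


def is_sane_user_dn(dn):
    """Sanity check on a mapped DN: a non-empty uid RDN directly under
    USERS_BASE. Catches the empty uid that '[^,]*' lets through."""
    if dn is None:
        return False
    rdn_under_base = r"uid=([^,]+)," + re.escape(USERS_BASE)
    return re.fullmatch(rdn_under_base, dn, flags=re.IGNORECASE) is not None


if __name__ == "__main__":
    # Constructed sample SASL identities, with and without the realm part.
    for authc in ("uid=brendan,cn=bpk2.com,cn=gssapi,cn=auth",
                  "uid=brendan,cn=gssapi,cn=auth",
                  "uid=brendan,cn=other.org,cn=gssapi,cn=auth",
                  "uid=,cn=gssapi,cn=auth"):
        mapped = sasl_to_dn(authc)
        print(f"{authc} -> {mapped} (sane={is_sane_user_dn(mapped)})")
```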

Thank you for the help.

On Sat, 2013-06-08 at 17:22 +0200, Pierangelo Masarati wrote:
On 06/08/2013 04:40 PM, Brendan Kearney wrote:
Sent too early, sorry...

I get the error:

ldapmodify: extra lines at end (line 3, entry "cn=config")

I am guessing that I have to escape the embedded space in the line, or
encapsulate the entire line.  What is the correct way to delete the line
and re-add it correctly?
Presuming you want to delete that value of olcAuthzRegexp and add two
new values, that's not valid LDIF.  You need to do something like

dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth
    uid= $1,ou=Users,dc=bpk2,dc=com
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com

Note that since olcAuthzRegexp is ordered, you can delete a value by
simply using its number; for example, if the currently present line has
value {0}, simply use

dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: {0}
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com

p.

On Sat, 2013-06-08 at 10:37 -0400, Brendan Kearney wrote:
All,

I am working on getting SASL, Kerberos 5, and LDAP working together.  I
buggered an olcAuthzRegexp and need to correct it.  I need to remove the
one in place, and replace it with the corrected version.  Below is what
I am trying:

ldapmodify -QY EXTERNAL -H ldapi:///
dn: cn=config
changetype: delete
olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com
-
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com

(Note, the first olcAuthzRegexp that is to be deleted should be all on
one line, and that is why it is wrong.  Formatting in this message may
change the way it looks.)

The error I get is:

--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano