multiple sasl-regexp lines not supported (ITS#1968)
Full_Name: Quanah Gibson-Mount
Version: 2.1.3
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.13.58)
According to the man page for slapd.conf, one should be able to have multiple
sasl-regexp directives. However, slapd ignores any directives past the first
one.
For example, in my slapd.conf, I have:
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
    ldaps:///cn=People,dc=stanford,dc=edu??sub?(krb5PrincipalName=$1@$2)
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
    ldaps:///cn=People,dc=stanford,dc=edu??sub?(suKrb5name=$1@$2)
When I do an ldapsearch, I authenticate as:
uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth
In my record, the attributes are defined as:
krb5PrincipalName=quanah/root@stanford.edu
suKrb5name=quanah@stanford.edu
With the ldapsearch, it tries to find a matching krb5PrincipalName, which
fails. It never attempts to resolve suKrb5name to see if that is a valid bind.
If I comment out the first sasl-regexp line, it correctly finds the matching
suKrb5name attribute, and then correctly authenticates me to my correct bind
DN.
--Quanah
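
A small Python model of the mapping described in this report, added here as an example; it is not code from the report or from slapd. It assumes rules are tried in order and that evaluation stops at the first pattern matching the SASL DN, which reproduces the reported behaviour; the entry DN and the single rule with an OR filter are hypothetical illustrations, and Python's `re` stands in for slapd's regex engine.

```python
import re

# Constructed entry; attribute values are the ones quoted in the report.
ENTRY = {
    "dn": "uid=quanah,cn=People,dc=stanford,dc=edu",  # hypothetical DN
    "krb5PrincipalName": "quanah/root@stanford.edu",
    "suKrb5name": "quanah@stanford.edu",
}
PATTERN = r"uid=(.*),cn=(.*),cn=gssapi,cn=auth"
BASE = "ldaps:///cn=People,dc=stanford,dc=edu??sub?"

# The two rules from the report, in file order.
REPORTED = [
    (PATTERN, BASE + "(krb5PrincipalName=$1@$2)"),
    (PATTERN, BASE + "(suKrb5name=$1@$2)"),
]
# Hypothetical single rule covering both attributes with an LDAP OR filter.
COMBINED = [
    (PATTERN, BASE + "(|(krb5PrincipalName=$1@$2)(suKrb5name=$1@$2))"),
]

def search(ldap_filter):
    """Toy search: supports one equality term or an OR of equality terms."""
    terms = re.findall(r"\(([^()=|]+)=([^()]*)\)", ldap_filter)
    hit = any(ENTRY.get(attr) == value for attr, value in terms)
    return ENTRY["dn"] if hit else None

def map_sasl_dn(rules, sasl_dn):
    """Return the mapped DN, or None when the mapping fails."""
    for pattern, uri in rules:
        m = re.fullmatch(pattern, sasl_dn)
        if m is None:
            continue  # pattern does not apply, try the next rule
        # Fourth '?'-separated field of the LDAP URI is the search filter.
        template = uri.split("?")[3]
        flt = re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))), template)
        # Assumed first-match semantics: later rules are never consulted,
        # even when this rule's search finds nothing.
        return search(flt)
    return None

if __name__ == "__main__":
    dn = "uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth"
    print("both rules      :", map_sasl_dn(REPORTED, dn))
    print("second rule only:", map_sasl_dn(REPORTED[1:], dn))
    print("one OR rule     :", map_sasl_dn(COMBINED, dn))
```

Because both rules share the same match pattern, the model never reaches the second one; under the same assumption, a single rule whose filter ORs the two attributes maps the identity.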