
multiple sasl-regexp lines not supported (ITS#1968)



Full_Name: Quanah Gibson-Mount
Version: 2.1.3
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.13.58)


According to the man page for slapd.conf, one should be able to have multiple
sasl-regexp directives.  However, slapd ignores any directives past the first
one.

For example, in my slapd.conf, I have:
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
ldaps:///cn=People,dc=stanford,dc=edu??sub?(krb5PrincipalName=$1@$2)
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
ldaps:///cn=People,dc=stanford,dc=edu??sub?(suKrb5name=$1@$2)

When I do an ldapsearch, I authenticate in as:
uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth

In my record, the attributes are defined as:

krb5PrincipalName=quanah/root@stanford.edu
suKrb5name=quanah@stanford.edu

With the ldapsearch, it tries to find a matching krb5PrincipalName, which
fails.  It never attempts to resolve suKrb5name to see if that is a valid bind.
If I comment out the first sasl-regexp line, it correctly finds the matching
suKrb5name attribute, and then correctly authenticates me to my correct bind
DN.

--Quanah
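An added illustrative model of the mapping this report depends on (example code, not OpenLDAP's): each sasl-regexp rule's regex is matched against the SASL authorization identity, `$1`/`$2` are substituted into the LDAP URL, and the resulting filter is searched, with the rules tried in order as the man page describes. The directory entry is a constructed stand-in using the two attribute values from the report and a hypothetical DN; passing only the first rule reproduces the failure described above.

```python
import re

# Constructed rules, in the slapd.conf sasl-regexp form quoted in the report:
# (regex matched against the SASL authorization identity, LDAP URL template).
RULES = [
    (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
     "ldaps:///cn=People,dc=stanford,dc=edu??sub?(krb5PrincipalName=$1@$2)"),
    (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
     "ldaps:///cn=People,dc=stanford,dc=edu??sub?(suKrb5name=$1@$2)"),
]

# Constructed stand-in for the directory: the DN is hypothetical, the two
# attribute values are the ones given in the report.
DIRECTORY = {
    "uid=quanah,cn=People,dc=stanford,dc=edu": {
        "krb5PrincipalName": ["quanah/root@stanford.edu"],
        "suKrb5name": ["quanah@stanford.edu"],
    },
}

def expand(template, match):
    """Replace $1..$9 in the URL template with the regex capture groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)

def search(url):
    """Evaluate the single equality filter at the end of an LDAP URL
    ('...?sub?(attr=value)') against DIRECTORY; return the matching DNs."""
    attr, value = url.rsplit("?", 1)[1].strip("()").split("=", 1)
    return [dn for dn, attrs in DIRECTORY.items() if value in attrs.get(attr, [])]

def map_authzid(authzid, rules):
    """Try the rules in order; return the bind DN from the first rule whose
    regex matches and whose search yields exactly one entry, else None."""
    for pattern, template in rules:
        match = re.fullmatch(pattern, authzid)
        if match is None:
            continue
        hits = search(expand(template, match))
        if len(hits) == 1:
            return hits[0]
    return None

# The identity the report authenticates as.
AUTHZID = "uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth"

if __name__ == "__main__":
    print("all rules:      ", map_authzid(AUTHZID, RULES))      # the bind DN
    print("first rule only:", map_authzid(AUTHZID, RULES[:1]))  # None
```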