
RE: saslAuthz{To|From}



>
> Using OPENLDAP_REL_ENG_2_2 I now see the realm twice in the input to the
> sasl-regexp rule.
>
> I'm using a rule that looks like:
>
> sasl-regexp uid=(.*)/(.*),cn=DSG.PADL.COM,cn=(.*),cn=auth
> ldap:///DC=dsg,DC=padl,DC=com??sub?(&(objectClass=User)(servicePrincipalName=$1/$2))
>
> Prior to the merge for the authzid "kadmin/admin@DSG.PADL.COM" the input
> would look like:
>
> slap_sasl_getdn: u:id converted to
> uid=kadmin/admin,cn=DSG.PADL.COM,cn=EXTERNAL,cn=auth
>
> Now it looks like:
>
> slap_sasl_getdn: u:id converted to
> uid=kadmin/admin@DSG.PADL.COM,cn=DSG.PADL.COM,cn=EXTERNAL,cn=auth
>
> Should I adjust my rules?

Now an '@' in the userid is no longer treated
as a realm-separator: userids can have '@' inside.
Can you send me a trace of the operation? I don't
have a setup at hand to reproduce it.  The sasl
mapping stuff would suffice.

Ando.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
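
The effect of the changed input on the rule quoted above, as an added example that is not part of the original thread: it applies the posted sasl-regexp pattern to both logged DNs and shows the search filter each one produces. Python's `re` stands in for slapd's regex matching (an assumption), the helper `rewrite` is hypothetical, and `TOLERANT` is a hypothetical pattern that accepts both DN forms, not a rule suggested by either poster.

```python
import re

# Rule from the post: match pattern and LDAP URI template.
PATTERN = r"uid=(.*)/(.*),cn=DSG.PADL.COM,cn=(.*),cn=auth"
TEMPLATE = ("ldap:///DC=dsg,DC=padl,DC=com??sub?"
            "(&(objectClass=User)(servicePrincipalName=$1/$2))")

# Hypothetical pattern (assumption, not from the thread): an optional
# "@realm" suffix gets its own group, so $1/$2 stay realm-free.
# The SASL mechanism moves from $3 to $4 in this pattern.
TOLERANT = r"uid=([^/,]*)/([^,@]*)(@[^,]*)?,cn=DSG.PADL.COM,cn=([^,]*),cn=auth"

# The two inputs logged by slap_sasl_getdn in the post.
OLD_DN = "uid=kadmin/admin,cn=DSG.PADL.COM,cn=EXTERNAL,cn=auth"
NEW_DN = "uid=kadmin/admin@DSG.PADL.COM,cn=DSG.PADL.COM,cn=EXTERNAL,cn=auth"


def rewrite(pattern, template, dn):
    """Return the template with $1..$9 filled from the match, or None."""
    m = re.search(pattern, dn)
    if m is None:
        return None  # rule does not apply to this DN

    def fill(ref):
        # An optional group that did not take part in the match is empty.
        return m.group(int(ref.group(1))) or ""

    return re.sub(r"\$([1-9])", fill, template)


def search_filter(uri):
    """Filter component of an ldap:///base?attrs?scope?filter URI."""
    return uri.split("?", 3)[3]


if __name__ == "__main__":
    for label, pattern in (("posted rule", PATTERN), ("tolerant rule", TOLERANT)):
        for dn in (OLD_DN, NEW_DN):
            print(label, "|", dn)
            print("   ->", search_filter(rewrite(pattern, TEMPLATE, dn)))
```

With the posted rule the new-style input still matches, but `$2` carries the realm, so the directory is searched for a servicePrincipalName of `kadmin/admin@DSG.PADL.COM` instead of `kadmin/admin`.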