Re: SASL Authentication, DNs and supported SASLMechanisms
On 30 Aug 2001 at 18:18, Kurt D. Zeilenga wrote:
> >Is there any way to associate an entry of the above form with a DN of
> >the SASL authorized "uid=username + realm = REALM" form?
> access to dn="(uid=.*),dc=example,dc=com"
> by dn="uid=$1 + realm=REALM" write
Just for clarification--the inference here is that for the ACL system to associate a SASL authenticated
user with a particular entry, the DN must have at least the UID in common with the SASL authname so that
a regex ACL can be created. Currently my user DNs are of the form cn=[full name],ou=People,o=[Company
name],c=CA. There *is* a uid field in each entry, but the uids aren't currently part of the DN. It
looks like I'm going to have to change all my user DNs so that they incorporate the uid. Is this
> >o Once ACLs are actually applied to the server, then SASL aware
> >applications no longer work without specifying an authentication
> >method on the command line (ie, if I use -Y [SASL mech] then it still
> Add an ACLs allowing the root dse to be read...
> access to dn=""
> by * read
I experienced the same difficulty with this as Stéphane did. Attempting to start slapd with the above
ACL results in the following error:
> /usr/local/etc/openldap/slapd.conf: line 50: missing "=" in (or value
> after) "dn" in to clause
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.