
RE: OpenLDAP 2.0.23, SASL and Mandrake

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matthieu

> Hello,
> 	I have noticed that the new version of OpenLDAP is available
> (OpenLDAP 2.1 Beta). One of its features is the 'SASL
> authentication/authorization mapping'. Does it mean that OpenLDAP 2.0.23
> does not support it?

Correct. In OpenLDAP 2.0, authorization IDs are not allowed. Authentication
IDs are always converted to DNs of the form "uid=<authent_id> + realm=<realm>".
If the realm is not set and cannot be retrieved from the SASL context, then the
"+ realm..." component is omitted.

In OpenLDAP 2.1, authorization IDs are supported, allowing users to
authenticate as their own SASL ID but then adopt the privileges of the
specified authorization ID. Also, the DN format has changed, and the DNs can
be remapped using regular expressions. See the FAQ for more info on this
subject, or read the slapd.conf man page.

>    I use a machine running Mandrake 8.1 with cyrus-sasl-1.5.27.
>    The command (*):
>        ldapsearch -h localhost -p 389 -x -b "" -LLL supportedSASLMechanisms
>    only returns:
>          dn:
>    It's a little bit short, isn't it?

This usually happens if your SASL installation is not yet fully configured.
Try running the saslpasswd command to create your /etc/sasldb first, and
then see what you get.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
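
The following is an added illustration, not part of the original message and not slapd's own code: a Python model of the 2.0 DN form described in the reply, and of regex remapping in the style the reply attributes to 2.1. The message only says the 2.1 DN format changed, so the shape used in `sasl_dn_21`, the single rule in `RULES`, the `example.com` names and all function names are assumptions made for this example.

```python
import re

def sasl_dn_20(authcid, realm=None):
    """DN form the reply gives for OpenLDAP 2.0:
    "uid=<authent_id> + realm=<realm>", realm part omitted when unknown."""
    dn = "uid=" + authcid
    if realm:
        dn += " + realm=" + realm
    return dn

def sasl_dn_21(authcid, mech, realm=None):
    """Assumed 2.1-style shape (not stated in the message):
    uid=<id>[,cn=<realm>],cn=<mechanism>,cn=auth"""
    parts = ["uid=" + authcid]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(parts)

# Constructed remapping rule: (pattern, replacement).
# The capture group excludes commas so one ID can never span several RDNs,
# and the pattern is matched against the whole DN, not a substring.
RULES = [
    (r"uid=([^,]+),cn=example\.com,cn=digest-md5,cn=auth",
     r"uid=\1,ou=people,dc=example,dc=com"),
]

def remap(dn, rules=RULES):
    """Apply the first rule whose pattern matches the entire DN.
    A DN that matches no rule is returned unchanged."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, dn, re.IGNORECASE)
        if m:
            return m.expand(replacement)
    return dn

if __name__ == "__main__":
    print(sasl_dn_20("matthieu", "example.com"))
    print(sasl_dn_20("matthieu"))
    print(remap(sasl_dn_21("matthieu", "DIGEST-MD5", "example.com")))
    print(remap(sasl_dn_21("matthieu", "DIGEST-MD5", "other.org")))
```

Running candidate rules through a model like this before deploying them shows which identities a pattern actually covers, including the ones it should leave unmapped.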