
SASL / External question



Hello all,

I have some questions about the SASL / External mechanism.

As I understand it, thanks to a post from Howard, the authentication DN
is the DN used in the user certificate.
I also think it can be a modification of this DN by sasl-regexp.

But in the slapd.conf manpage, in the "sasl-regexp" keyword part,
it is said that:
"When an authorization request is received, the SASL USERNAME, REALM,
and MECHANISM are taken, when available, and combined into a SASL name
of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"

What is this "username" and when is it provided by the user? How is it
related to the DN of the certificate?

Must the DN of the cert be of the form
"uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
in order to get the "external" mechanism to be used?

I read the whole doc, but I think that it is not very clear about SASL /
External.
I understand that the OpenLDAP developers must be _very_ busy, so I
propose to make an add-on to the doc about SASL External once I
understand it, if no one else does it.

Regards,

François Beretti
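
The SASL name form quoted from the manpage and a sasl-regexp style rewrite, as an added example that is not part of the original post and is not OpenLDAP code. It assumes, as the post describes, that for EXTERNAL the certificate DN is the name being rewritten; the helper names, rules and DNs are constructed, and Python's `re` stands in for slapd's regex matching.

```python
import re

def sasl_name(username, mechanism, realm=None):
    """Build uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth (manpage form)."""
    parts = ["uid=" + username]
    if realm:  # the realm component is optional
        parts.append("cn=" + realm)
    parts += ["cn=" + mechanism, "cn=auth"]
    return ",".join(parts)

def apply_sasl_regexp(name, rules):
    """Rewrite name with the first matching (pattern, replacement) rule.

    $1..$9 in the replacement refer to capture groups of the pattern.
    A name that matches no rule is returned unchanged.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, name)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return name

# Constructed rules and names (hypothetical directory layout).
# Patterns are anchored with ^ and $ so that only names from the
# intended realm or certificate subtree are mapped to a directory entry.
RULES = [
    # username/realm/mechanism name -> directory entry
    (r"^uid=([^,]+),cn=example\.com,cn=digest-md5,cn=auth$",
     "uid=$1,ou=people,dc=example,dc=com"),
    # certificate subject DN (EXTERNAL, per the post's assumption) -> directory entry
    (r"^cn=([^,]+),ou=staff,o=example,c=fr$",
     "uid=$1,ou=people,dc=example,dc=com"),
]

if __name__ == "__main__":
    samples = [
        sasl_name("alice", "digest-md5", "example.com"),
        "cn=bob,ou=staff,o=example,c=fr",           # constructed cert DN
        "cn=bob,ou=staff,o=example,c=fr,o=other",   # constructed, outside the subtree
    ]
    for n in samples:
        print(n, "->", apply_sasl_regexp(n, RULES))
```
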