[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL / External question

hello all

I have some question about sasl / external mechanism

As I understand it, thanks to a post from Howard, the authentication dn
is the dn used in the user certificate
I also think it can be a modification of this dn by sasl-regexp

But in slapd.conf manpage, in the "sasl-regexp" keyword part,
it is said that :
"When an authorization request is received, the SASL USERNAME, REALM,
and MECHANISM are taken, when available, and combined into a SASL name
of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"

what is this "username" and when is it provided by the user ? How is it
related to the dn of the certificate ?

must the dn of the cert be of the form
in order to get the "external" mechanism to be used ?

I read the whole doc, but I think that it is not very clear about SASL /
I understand that the openldap developpers must be _very_ busy, so I
propose to make an add-on to the doc about sasl external once I
understand it, if noone else do it.


François Beretti