[Date Prev][Date Next]
SASL / External question
I have some question about sasl / external mechanism
As I understand it, thanks to a post from Howard, the authentication dn
is the dn used in the user certificate
I also think it can be a modification of this dn by sasl-regexp
But in slapd.conf manpage, in the "sasl-regexp" keyword part,
it is said that :
"When an authorization request is received, the SASL USERNAME, REALM,
and MECHANISM are taken, when available, and combined into a SASL name
of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
what is this "username" and when is it provided by the user ? How is it
related to the dn of the certificate ?
must the dn of the cert be of the form
in order to get the "external" mechanism to be used ?
I read the whole doc, but I think that it is not very clear about SASL /
I understand that the openldap developpers must be _very_ busy, so I
propose to make an add-on to the doc about sasl external once I
understand it, if noone else do it.