Re: SASL / External question


Francois Beretti <francois.beretti@enatel.com> writes:

> Hello all,
> I have some questions about the SASL EXTERNAL mechanism.
> As I understand it, thanks to a post from Howard, the authentication DN
> is the DN used in the user certificate.
> I also think it can be a modification of this DN by sasl-regexp.
> But in the slapd.conf manpage, in the "sasl-regexp" keyword part,
> it is said that:
> "When an authorization request is received, the SASL USERNAME, REALM,
> and MECHANISM are taken, when available, and combined into a SASL name
> of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
> What is this "username" and when is it provided by the user? How is it
> related to the DN of the certificate?

If you have a user certificate already, try

    ldapwhoami -Y EXTERNAL -ZZ

and you will see your SASL username.

> Must the DN of the cert be of the form
> "uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
> in order to get the "external" mechanism to be used?

No, the DN of the certificate should be in the form of your DIT
entry, so the certificate DN can be mapped to the appropriate entry.
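To make the mapping step concrete, here is an added example (not part of the thread and not OpenLDAP's own code) that models how a list of sasl-regexp style rules turns a SASL name into an authorization DN or LDAP search URL. The rule set, the naming context dc=example,dc=com and the sample SASL names are all constructed for the example; the first matching rule wins, and an unmatched name yields None so the caller can treat it as "no mapping configured" instead of falling through.

```python
import re

# Constructed rule set in the spirit of slapd.conf "sasl-regexp <match> <replace>"
# directives (an assumption for this example, not taken from the original post).
# Each entry: (regex matched against the SASL name, replacement using $1, $2 ...).
SASL_REGEXP_RULES = [
    # A SASL name built from a username and the EXTERNAL mechanism:
    # resolve it with a search for that uid under the People branch.
    (r"^uid=([^,]+),cn=external,cn=auth$",
     "ldap:///ou=People,dc=example,dc=com??one?(uid=$1)"),
    # A certificate subject DN presented as the SASL name: rewrite its
    # suffix onto the DIT's naming context so it lands on a real entry.
    (r"^cn=([^,]+),ou=Staff,o=Example Corp$",
     "cn=$1,ou=People,dc=example,dc=com"),
]


def map_sasl_name(sasl_name, rules=SASL_REGEXP_RULES):
    """Return the authorization DN or LDAP URL for sasl_name.

    Rules are tried in order and the first match wins; matching is
    case-insensitive in this example because DN attribute types are
    case-insensitive. Returns None when no rule matches.
    """
    for pattern, replacement in rules:
        m = re.match(pattern, sasl_name, re.IGNORECASE)
        if m is None:
            continue

        # Expand $1, $2, ... in the replacement with the captured groups.
        def expand(ref):
            return m.group(int(ref.group(1)))

        return re.sub(r"\$(\d+)", expand, replacement)
    return None


if __name__ == "__main__":
    # Constructed sample SASL names, as ldapwhoami -Y EXTERNAL might report them.
    for name in (
        "uid=fberetti,cn=external,cn=auth",
        "cn=Francois Beretti,ou=Staff,o=Example Corp",
        "cn=nobody,dc=other",
    ):
        print(f"{name!r} -> {map_sasl_name(name)!r}")
```

Run it directly to see each sample name beside the DN or search URL it maps to; a name that matches no rule prints None, which is the case to watch for when a certificate's subject does not line up with any DIT entry.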

