[Date Prev][Date Next]
Re: SASL / External question
Francois Beretti <firstname.lastname@example.org> writes:
> hello all
> I have some question about sasl / external mechanism
> As I understand it, thanks to a post from Howard, the authentication dn
> is the dn used in the user certificate
> I also think it can be a modification of this dn by sasl-regexp
> But in slapd.conf manpage, in the "sasl-regexp" keyword part,
> it is said that :
> "When an authorization request is received, the SASL USERNAME, REALM,
> and MECHANISM are taken, when available, and combined into a SASL name
> of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
> what is this "username" and when is it provided by the user ? How is it
> related to the dn of the certificate ?
If you have a user certificate already, try
ldapwhoami -Y EXTERNAL -ZZ
and you will see your SASL username.
> must the dn of the cert be of the form
> in order to get the "external" mechanism to be used ?
No, the dn of the certificate should be in the form of your DIT
entry, so the certificate DN can be mapped to the appropriate entry.
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521