
Re: sasl-regexp problems in 2.1.22 (bug found in servers/slapd/saslauthz.c:slap_parseURI())



Hi,

Turbo Fredriksson <turbo@bayour.com> writes:

> I'm running 2.1.22 on my test system at home, but it
> seems like I'm having trouble with the sasl-regexp.
>
> ----- s n i p -----
> sasl-regexp             uid=(.*),cn=(.*),cn=gssapi,cn=auth
>                         ldap://127.0.0.1:389/c=SE??sub?(krb5PrincipalName=$1@BAYOUR.COM)
> [...]
> access to attrs=uid,cn,accountStatus,uidNumber,gidNumber,gecos,homeDirectory,loginShell,krb5PrincipalName,dc,o,ou,objectClass,entry
>         by aci write
>         by domain=.*\.bayour\.com read
>         by peername="IP=127\.0\.0\.1:.*" read
> [...]
> access to *
>         by dn="cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE" write
>         by aci write
>         by * none
> ----- s n i p -----
>
> To make this work, I think I have to make the krb5PrincipalName
> readable to anonymous (?).

Why do you want to use krb5PrincipalName? Is there a particular
reason? 
My saslRegexp maps uid to krb5 principal.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
saslRegexp
     uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
     ldap:///o=avci,c=de??sub?uid=$1 
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

-.-.-.-.-.-.-.-.-.-.-.-.-.
dieter@marin:~> ldapwhoami
SASL/GSSAPI authentication started
SASL username: dieter@AVCI.DE
SASL SSF: 56
SASL installing layers
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
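
Added example (not part of the original message, and not slapd's own code): a Python model of how the two rules quoted in this thread rewrite a SASL authentication DN into an LDAP search, so the base, scope and filter attribute that the ACLs must permit can be read off. The sample authentication DNs are constructed, and case-insensitive matching of the whole DN is an assumption about slapd's behaviour.

```python
import re

# Rules copied from the thread: (match pattern, replacement LDAP URI).
TURBO_RULE = (
    r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
    "ldap://127.0.0.1:389/c=SE??sub?(krb5PrincipalName=$1@BAYOUR.COM)",
)
DIETER_RULE = (
    r"uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth",
    "ldap:///o=avci,c=de??sub?uid=$1",
)


def rewrite(authn_dn, rule):
    """Apply one rule; return the substituted URI, or None if it does not match."""
    pattern, template = rule
    # Assumption: the pattern is matched case-insensitively against the whole DN.
    m = re.fullmatch(pattern, authn_dn, re.IGNORECASE)
    if m is None:
        return None
    # Replace $1..$9 in the URI template with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), template)


def parse_search(uri):
    """Split ldap://host/base?attrs?scope?filter into its search parameters."""
    rest = uri.split("://", 1)[1]
    host, _, tail = rest.partition("/")
    # Pad to four fields so a URI without attrs/scope/filter still unpacks.
    base, attrs, scope, filt = (tail.split("?", 3) + [""] * 4)[:4]
    return {
        "host": host,
        "base": base,
        "attrs": attrs,
        "scope": scope or "base",  # an LDAP URL without a scope means "base"
        "filter": filt,
    }


if __name__ == "__main__":
    # Constructed sample authentication DNs (uid=<user>,cn=<realm>,cn=<mech>,cn=auth).
    samples = [
        ("uid=turbo,cn=bayour.com,cn=gssapi,cn=auth", TURBO_RULE),
        ("uid=dieter,cn=avci.de,cn=gssapi,cn=auth", DIETER_RULE),
    ]
    for dn, rule in samples:
        uri = rewrite(dn, rule)
        print(dn, "->", uri)
        print("   ", parse_search(uri))
```

The filter field of each result names the attribute the mapping search depends on: krb5PrincipalName for the first rule, uid for the second.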