RE: sasl UID mapping

On Sat, 17 Jan 2004, Howard Chu wrote:

> By the way, you didn't mention exactly what version of OpenLDAP 2.1 you
> installed. 2.1.25 is the latest, with 2.1.26 stewing along.

Fedora openldap-servers-2.1.22-8 rpm.

> > sasl-regexp
> >  uid=(.*),cn=(.*),cn=gssapi,cn=auth
> >  ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2
> This is not the same regexp you posted before. When you don't
> specify a scope it defaults to "base". This regexp would map all
> usernames to ou=people,dc=jakma,dc=org, and the attached log shows
> this is exactly what it did.

It mightn't be - I've been trying various things. Arg. Yes. Added sub
to the scope and it now works! I suspect previously it was ACL
restriction of lookups on krbname to authenticated users which
prevented the mapping.

Thanks very much for the clues!

Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Everything that can be invented has been invented.
		-- Charles Duell, Director of U.S. Patent Office, 1899
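
The scope problem discussed in this message, as an added example that is not part of the original post and is not OpenLDAP code: a small Python check that parses the replacement URL of a sasl-regexp rule and flags a filter combined with the default "base" scope. The function names and the sample authentication DN are constructed for illustration, and Python's `re` stands in for slapd's own regex matching.

```python
import re
from urllib.parse import unquote

# Rule from the thread (scope omitted) and the variant with "sub" added.
PATTERN = "uid=(.*),cn=(.*),cn=gssapi,cn=auth"
BROKEN = "ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2"
FIXED = "ldap:///ou=people,dc=jakma,dc=org??sub?krbName=$1@$2"
SAMPLE_DN = "uid=paul,cn=EXAMPLE.ORG,cn=gssapi,cn=auth"  # constructed input

def parse_ldap_url(url):
    """Split ldap://host/base?attrs?scope?filter; an empty scope means base."""
    m = re.match(r"ldaps?://([^/]*)/(.*)$", url, re.I)
    if not m:
        raise ValueError("not an LDAP URL: " + url)
    base, attrs, scope, flt = (m.group(2).split("?") + ["", "", ""])[:4]
    return {"base": unquote(base), "attrs": attrs,
            "scope": (scope or "base").lower(), "filter": unquote(flt)}

def check_rule(replacement):
    """Warn when a search-style mapping has a filter but only base scope."""
    if not replacement.lower().startswith(("ldap://", "ldaps://")):
        return None  # plain DN replacement, no search involved
    u = parse_ldap_url(replacement)
    if u["filter"] and u["scope"] == "base":
        # Per the reply quoted above: such a rule maps every user to the base DN.
        return "filter %r with scope base: all users map to %r" % (
            u["filter"], u["base"])
    return None

def expand(pattern, replacement, authc_dn):
    """Return the search a rule would request for one SASL DN, or None."""
    m = re.search(pattern, authc_dn)
    if not m:
        return None
    u = parse_ldap_url(replacement)
    def subst(s):
        # Substitute $1..$9 after parsing so a "?" in a name cannot shift fields.
        return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), s)
    u["base"], u["filter"] = subst(u["base"]), subst(u["filter"])
    return u

if __name__ == "__main__":
    for rule in (BROKEN, FIXED):
        print(rule, "->", check_rule(rule) or "ok")
    print(expand(PATTERN, FIXED, SAMPLE_DN))
```
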