RE: sasl UID mapping
On Sat, 17 Jan 2004, Howard Chu wrote:
> By the way, you didn't mention exactly what version of OpenLDAP 2.1 you
> installed. 2.1.25 is the latest, with 2.1.26 stewing along.
Fedora openldap-servers-2.1.22-8 rpm.
> > sasl-regexp
> > uid=(.*),cn=(.*),cn=gssapi,cn=auth
> > ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2
> This is not the same regexp you posted before. When you don't
> specify a scope it defaults to "base". This regexp would map all
> usernames to ou=people,dc=jakma,dc=org, and the attached log shows
> this is exactly what it did.
It mightn't be - I've been trying various things. Arg. Yes. Added sub
to the scope and it now works! I suspect previously it was ACL
restriction of lookups on krbname to authenticated users which
prevented the mapping.
Thanks very much for the clues!
Paul Jakma firstname.lastname@example.org email@example.com Key ID: 64A2FF6A
warning: do not ever send email to firstname.lastname@example.org
Everything that can be invented has been invented.
-- Charles Duell, Director of U.S. Patent Office, 1899
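
An added example (not part of the original message, and not OpenLDAP code): a small Python lint that expands the sasl-regexp rule quoted above against a constructed authentication DN and parses the resulting LDAP URL, showing that the posted rule leaves the scope field empty, so it defaults to "base", while the variant with "sub" carries an explicit scope. The helper names, the `FIXED` URL spelling and the sample DN are assumptions made for illustration.

```python
import re

# Pattern and replacement as quoted in the message; FIXED is an assumed
# spelling of the "added sub to the scope" change the author describes.
PATTERN = r"uid=(.*),cn=(.*),cn=gssapi,cn=auth"
POSTED = "ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2"
FIXED = "ldap:///ou=people,dc=jakma,dc=org??sub?krbName=$1@$2"
SCOPES = {"base", "one", "sub"}


def expand(pattern, replacement, authc_dn):
    """Apply a sasl-regexp style rule: $1..$9 refer to the pattern's groups."""
    m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def parse_ldap_url(url):
    """Split ldap://host/dn?attrs?scope?filter; an empty scope means 'base'."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an LDAP URL: %r" % url)
    _host, _, rest = url[len("ldap://"):].partition("/")
    fields = rest.split("?", 3) + [""] * 3  # pad missing trailing fields
    base, _attrs, scope, filt = fields[:4]
    explicit = scope != ""
    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    return {"base": base, "scope": scope, "scope_explicit": explicit, "filter": filt}


def lint(pattern, replacement, authc_dn):
    """Return (parsed_url, warning) for one rule and one sample authn DN."""
    url = expand(pattern, replacement, authc_dn)
    if url is None:
        return None, "pattern does not match"
    parsed = parse_ldap_url(url)
    warning = None
    if parsed["filter"] and parsed["scope"] == "base":
        warning = "filter given but scope is base (the default when omitted)"
    return parsed, warning


if __name__ == "__main__":
    sample = "uid=paul,cn=EXAMPLE.ORG,cn=gssapi,cn=auth"  # constructed authn DN
    for rule in (POSTED, FIXED):
        print(rule, "->", lint(PATTERN, rule, sample))
```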