[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl UID mapping

To: "'Paul Jakma'" <paul@clubi.ie>
Subject: RE: sasl UID mapping
From: "Howard Chu" <hyc@highlandsun.com>
Date: Sat, 17 Jan 2004 22:56:28 -0800
Cc: "'OpenLDAP list'" <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <Pine.LNX.4.58.0401180613220.26388@fogarty.jakma.org>

> -----Original Message-----
> From: Paul Jakma [mailto:paul@clubi.ie]

> On Sat, 17 Jan 2004, Howard Chu wrote:
> > By the way, you didn't mention exactly what version of
> OpenLDAP 2.1 you
> > installed. 2.1.25 is the latest, with 2.1.26 stewing along.
>
> Fedora openldap-servers-2.1.22-8 rpm.
>
> > > sasl-regexp
> > >  uid=(.*),cn=(.*),cn=gssapi,cn=auth
> > >  ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2
> >
> > This is not the same regexp you posted before. When you don't
> > specify a scope it defaults to "base". This regexp would map all
> > usernames to ou=people,dc=jakma,dc=org, and the attached log shows
> > this is exactly what it did.
>
> it mightnt be - i've been trying various things. arg. yes. Added sub
> to the scope and it now works! I suspect previously it was ACL
> restriction of lookups on krbname to authenticated users which
> prevented the mapping.

"The devil is in the details." There's a popular saying:

  If you want to enjoy life,
    - don't sweat the small stuff
    - it's All small stuff

Whoever said that probably never worked with computers... Without attention
to detail there is no hope of progress.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- RE: sasl UID mapping
  - From: Paul Jakma <paul@clubi.ie>

Prev by Date: RE: sasl UID mapping
Next by Date: Mismatch/misunderstanding of LDAP_OPT_REFERRALS and LDAP_OPT_DEREF
Index(es):
- Chronological
- Thread