
Re: RES: sasl proxy authorization and regexp



What version of OpenLDAP are you using? I recall there was some work on
the topic, recently, because in 2.1 (and early 2.2) for structural reasons
implicit regex could not work; note that 2.1 does not support explicit
regex.  Can you produce a detailed log of the authz failed attempt?

p.

PS: please do not respond personally (even if my reply was inappropriate:
if you could do authz with exact DN, of course sasl-authz-policy had to be
set appropriately ;)

> Yes, I've already put "sasl-authz-policy to" in slapd.conf, but no
> success.
>
> Raissa
>
>
> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> Sent: Fri 26/3/2004 11:04
> To: Raissa Dantas Freire de Medeiros
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: sasl proxy authorization and regexp
>
> see "sasl-authz-policy" in slapd.conf(5) to enable sasl authz.
>
> p.
>
>> Hello!
>>
>> I'm trying to configure SASL proxy authorization in my distributed
>> directory.
>>
>> I added the user uid=joao,cn=campusII,dc=ucb,dc=br in SASL database
>> (joao@ares.cesmic.ucb.br) and in OpenLDAP tree. In OpenLDAP entry, I
>> added the saslAuthzTo attribute as below:
>>
>> dn: uid=joao,cn=CampusII,dc=ucb,dc=br
>> changetype: modify
>> add: saslAuthzTo
>> saslAuthzTo: dn.regex:uid=.*,cn=CampusII,dc=ucb,dc=br
>>
>> The ACLs allow read/write for everybody.
>>
>> However, this regexp does not work. If I put
>>
>> dn: uid=joao,cn=CampusII,dc=ucb,dc=br
>> changetype: modify
>> add: saslAuthzTo
>> saslAuthzTo: dn.regex:uid=fgoulart,cn=CampusII,dc=ucb,dc=br
>>
>> the user Joao authorizes the user fgoulart. But when I try to use the
>> regexp, joao does not authorize fgoulart.
>>
>> Could anybody help me, please?
>>
>> Thanks in advance,
>> Raissa
>
>
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it