[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fw: Access Control in OpenLDAP 2.1.22

anis writes:
> sasl-regexp
>           uid=(.*),cn=.*,cn=auth
>          id=$1,ou=Users,ou=Appl,o=dzbw,c=de
> sasl-regexp
>           uid=(.*),cn=.*,cn=.*,cn=auth
>           id=$1,ou=Users,ou=Appl,o=dzbw,c=de

Unless OpenLDAP does something strange to regexps, the "(.*)"
in the first regexp matches too much:
With ID "uid=User,cn=Realm,cn=Mechanism,cn=auth" it will match
"User,cn=Realm".  Since you just ingore the realm anyway, I
suggest you replace the two above statements with:

  sasl-regexp  uid=([^,]*),.*  id=$1,ou=Users,ou=Appl,o=dzbw,c=de

("[^xyz]" matches any character except x, y and z.)

Hopefully your UIDs have no commas in them.  If they do, you need a lot
more complex regexps.

I don't know if that's all, though.  I've never used SASL on OpenLDAP.