Re: slapd-{ldap,meta} && authentication

["Pierangelo Masarati" <ando@sys-net.it>]

> Quoting Howard Chu <hyc@symas.com>:
>
>> This is not completely true. back-ldap does support sasl-regexp
>> mapping, or it did the last time I worked with it.
>
> Is there some special trick to get this to work, because the sasl-regexp
> I was using while having a local db don't work...
>
> And I don't want to use HEAD quite yet so I can't try the 'idassert-*'
> stuff.
>
>> I note the original poster is using back-meta, and I have never tested
>> sasl-regexp with back-meta. It very well may never have worked. But
>> certainly back-ldap did.
>
> I've tried both back-ldap AND back-meta. The reason I tried back-meta is
> that (eventually/maybe some day) I'll be partition my DIT and then
> back-meta
> would be better suited to 'join' the DIT...
>
> But for now, I'll stick with back-meta. I can now do simple binds, but not
> GSSAPI.
>

I suggest you stay with back-ldap if you don't need back meta, and boost
up the logs to see what happens with your authz-regexp.  Also, a knowledge
of your authz-policy and authzFrom/authzTo design would be helpful. 
Please simplify the info as much as possible to isolate the problem, and
make sure you don't provide any sensitive info about your system.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497