
Re: rootdn and sasl-regexp



OpenLDAP 2.1 is historic; upgrade to 2.2 (party line).

You configured it to translate all SASL entries into a different name.
So, it is doing exactly what you told it.  It is translating your rootdn
into something that is no longer the rootdn (simple string compare).

Yes, this is exactly what I would expect with the configuration you have
shown.

F


Today at 9:24am, Andreas wrote:

> openldap-2.1.30
> sasl-2.1.19
>
> I have rootdn as an SASL entity (I'm using DIGEST-MD5):
>
> rootdn uid=manager,cn=digest-md5,cn=auth
>
>
> And I also use this sasl-regexp directive to map sasl entities to directory entries for
> the other users:
>
> sasl-regexp uid=([^,]+),cn=digest-md5,cn=auth cn=$1,ou=Pessoas,dc=exemplo,dc=com,dc=br
>
> What happens is that rootdn then gets mapped to cn=manager,ou=Pessoas,dc=exemplo,dc=com,dc=br
> and isn't considered the directory administrator anymore. It has no special meaning anymore
> and I have to add this DN to all my ACLs. Is this expected?
>
>

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Informtn Tech Profssnl Sr       | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===
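
Added example, not part of the original messages and not OpenLDAP code: a small check that reads the two directives quoted in the thread, applies the sasl-regexp rewrite to the rootdn, and reports whether the result still compares equal to the rootdn. The function names are hypothetical; Python's `re` stands in for slapd's regex matching, and first-match-wins rule order and a case-insensitive string comparison are assumptions of this sketch.

```python
import re

# Constructed slapd.conf fragment built from the directives quoted in the thread.
SLAPD_CONF = """\
rootdn uid=manager,cn=digest-md5,cn=auth
sasl-regexp uid=([^,]+),cn=digest-md5,cn=auth cn=$1,ou=Pessoas,dc=exemplo,dc=com,dc=br
"""

def parse(conf):
    """Return (rootdn, [(pattern, replacement), ...]) from slapd.conf text.
    Simplification: values are unquoted and contain no spaces."""
    rootdn, rules = None, []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "rootdn" and len(parts) == 2:
            rootdn = parts[1]
        elif parts[0].lower() == "sasl-regexp" and len(parts) == 3:
            rules.append((parts[1], parts[2]))
    return rootdn, rules

def map_sasl_dn(authc_dn, rules):
    """Apply the first matching rule (assumed order); $n expands to group n.
    The whole DN is replaced by the expanded replacement string."""
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "",
                          replacement)
    return authc_dn  # no rule matched: the DN is left as it was

def is_rootdn(dn, rootdn):
    """Stand-in for the string comparison described in the reply."""
    return dn.lower() == rootdn.lower()

def check(conf):
    """Return (rootdn, DN after mapping, whether it is still the rootdn)."""
    rootdn, rules = parse(conf)
    mapped = map_sasl_dn(rootdn, rules)
    return rootdn, mapped, is_rootdn(mapped, rootdn)

if __name__ == "__main__":
    rootdn, mapped, still_root = check(SLAPD_CONF)
    print(f"rootdn : {rootdn}\nmapped : {mapped}\nis root: {still_root}")
```

Running the check before deploying a new sasl-regexp shows whether the administrative identity would be rewritten into an ordinary entry that then depends on ACLs.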