[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd replication with sasl gssapi

Matthijs Mohlmann wrote:

On Thu, 2004-10-07 at 09:51, Pierangelo Masarati wrote:

Well i hope you can point me out to something...

Well finally my replication works but i've in my updatedn now this:
updatedn        uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth

The problem is the sasl-regexp can someone point me out what's wrong ?

try this:

authz-regexp    uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth


I do not have an authz-regexp.

Sorry, authz-regexp and sasl-regexp are synonyms but I don't remember
from what version on; authz-regexp is the correct one, the other is legacy.

I tried this one also with sasl-regexp
but that doesn't work. Can you point me out what i'm missing ?

Do you have logs of what goes on when trying to map users from SASL to LDAP?
Your regex is definitley wrong (the dot "." in the domain needs be escaped, and the
search for an exact match like that can be surely replaced by the DN with submatch

A truly correct setup would be

authz-regexp    "^uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth$"

At this point I suspect user "uid=repli,dc=cacholong,dc=nl" does not exist,
or anonymous has no auth access to it. Can you check the entire authc process,
including ACL checking (debug level 128)?


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497