
dn.regex issue


I'm currently trying to set up SASL ldapdb authentication for use with IMAP and 
SMTP. I'm clinging to various posts referring to it and the article in Linux 
Magazin 01/05 by Dieter Klünter.

Obviously, something is wrong with my dn.regex in the saslAuthzTo attribute. 
The details:

## What's the saslAuthzTo: attribute:
ldapmodify -D 'cn=admin,dc=mgr' -x -W
Enter LDAP Password:
dn: cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr
saslAuthzTo: dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
modifying entry "cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr"

## What's failing (slapd -d 1):
===>slap_sasl_match: comparing DN cn=foo test,ou=mailbox,dc=uac,dc=mgr to rule dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
slap_parseURI: parsing dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
ldap_url_parse_ext(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr)
>>> dnNormalize: <dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr>
=> ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)
<= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
<===slap_sasl_match: comparison returned 21
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
SASL Authorize [conn=6]:  authorization disallowed (48)
SASL [conn=6] Failure: not authorized

I think the line:
<= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
wants to tell me about some syntax problem, but I cannot see the problem.

Any help appreciated,
 - lars.
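
Added example, not part of the original post: a small triage of the slapd trace above that separates "the regex does not match the DN" from "the rule value was never treated as a regex". The function name triage and the reading of 84 as the client-library LDAP_DECODING_ERROR are assumptions of this example; the trace text is copied from the post.

```python
import re

# slapd -d 1 trace copied from the post above, with the wrapped first line rejoined.
TRACE = """\
===>slap_sasl_match: comparing DN cn=foo test,ou=mailbox,dc=uac,dc=mgr to rule dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
slap_parseURI: parsing dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
ldap_url_parse_ext(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr)
>>> dnNormalize: <dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr>
=> ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)
<= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
<===slap_sasl_match: comparison returned 21
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
SASL Authorize [conn=6]:  authorization disallowed (48)
SASL [conn=6] Failure: not authorized
"""

# 21 and 48 are LDAP result codes (RFC 4511). 84 (0x54) is assumed to be the
# client-library LDAP_DECODING_ERROR, as in ldap.h of OpenLDAP releases of that era.
CODE_NAMES = {21: "invalidAttributeSyntax", 48: "inappropriateAuthentication",
              84: "LDAP_DECODING_ERROR"}

def triage(trace):
    """Separate 'regex does not match' from 'rule value was not parsed as a regex'."""
    dn, rule = re.search(r"comparing DN (.+?) to rule (.+)", trace).groups()
    scheme, _, pattern = rule.partition(":")
    # String that slapd handed to its DN normalizer, as logged.
    normalized = re.search(r"dnNormalize: <(.*)>", trace).group(1)
    # Every "<= function ... N" return line, in order of appearance.
    returns = [(fn, int(code)) for fn, code in
               re.findall(r"^<=+\s*(\w+).*?(\d+)\s*$", trace, re.M)]
    first_fn, first_code = next((f, c) for f, c in returns if c != 0)
    return {
        "scheme": scheme,
        # Python's re stands in for slapd's POSIX regex; equivalent for this pattern.
        "pattern_matches_dn": re.search(pattern.strip(), dn) is not None,
        # True when the scheme prefix was still attached when the value was parsed as a DN.
        "prefix_reached_dn_parser": normalized.startswith(scheme + ":"),
        "first_failure": (first_fn, first_code, CODE_NAMES.get(first_code, "unknown")),
        "returns": returns,
    }

if __name__ == "__main__":
    for key, value in triage(TRACE).items():
        print(f"{key}: {value}")
```

On this trace the pattern itself matches the DN, and the first non-zero return comes from ldap_bv2dn being given the whole rule value, "dn.regex:" prefix included, to parse as a DN.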