[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comparing slapcat output

Howard Chu writes:
>Pierangelo Masarati wrote:
>>>> uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
>>>> (...)
>>> But why aren't slapd's DN normalization routines being used here
>>> considering it is slapd which adds that?
> (...)
> slapd is hardcoded to generate DNs in this form for SASL/EXTERNAL over
> ldapi.  It's been like this for a long time now, since release 2.2.13.

It doesn't work to use either that DN or gidnumber=0+uidnumber=0,... as
rootdn in OpenLDAP 2.3.4, probably because rootdn does get normalized.

A workaround is to rewrite it to the rootdn with authz-regexp.