Re: sasl external mech via ldapi

Dieter Kluenter wrote:
> with OpenLDAP-2.3.11 it seems that sasl authentication with external
> mechanism via ldapi is flawed.

No, it is correct in 2.3. It was wrong in 2.2.

| dieter@rubin:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)

Notice that when normalized on the server, the gidNumber comes before the uidNumber.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
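
Added example, not part of the original message and not OpenLDAP code: a small audit helper showing why an identity-mapping or ACL pattern for ldapi peers has to be written against the server-normalized DN (gidNumber first) rather than the string the client prints. The rule names and patterns are hypothetical, the sort-by-attribute-name step is an assumption that reproduces the order shown in the thread, and Python's `re` stands in for the server's regex engine.

```python
import re

# Constructed sample: the two identity strings from the ldapwhoami output above.
CLIENT_AUTHCID = "uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth"
SERVER_DN = "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth"

SUFFIX = r",cn=peercred,cn=external,cn=auth"

# Hypothetical patterns an administrator might write for ldapi peers.
RULES = [
    ("uid-first", r"uidNumber=1000\+gidNumber=100" + SUFFIX),
    ("gid-first", r"gidNumber=100\+uidNumber=1000" + SUFFIX),
]


def normalize_peercred_dn(dn):
    """Model the server-side ordering of the multi-valued first RDN.

    Assumption: sorting the AVAs by attribute name gives the order shown in
    the thread. Peercred values are numeric, so splitting on ',' and '+'
    without escape handling is safe for this DN shape only.
    """
    first_rdn, _, rest = dn.partition(",")
    avas = sorted(first_rdn.split("+"), key=lambda a: a.split("=", 1)[0].lower())
    return "+".join(avas) + "," + rest


def matching_rules(dn, rules=RULES):
    """Names of the rules whose pattern matches the entire DN."""
    return [n for n, p in rules if re.fullmatch(p, dn, re.IGNORECASE)]


def peer_ids(dn):
    """Extract (uid, gid) from a normalized peercred DN, or None if it is not one."""
    m = re.fullmatch(r"gidNumber=(\d+)\+uidNumber=(\d+)" + SUFFIX, dn, re.IGNORECASE)
    return (int(m.group(2)), int(m.group(1))) if m else None


def audit(client_string):
    """Return the normalized DN, the rules that fire on it, and the peer ids."""
    dn = normalize_peercred_dn(client_string)
    return dn, matching_rules(dn), peer_ids(dn)


if __name__ == "__main__":
    print(audit(CLIENT_AUTHCID))
```

A rule written from the client-side "SASL username" line matches nothing once the DN is normalized, so the mapping it was meant to provide does not take effect.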