[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: krb5PrincipalName and userPassword

Turbo Fredriksson wrote:
"Buchan" == Buchan Milne <bgmilne@staff.telkomsa.net> writes:

Buchan> As such, the LDAP server wasn't even consulted about Buchan> whether it knows anything about your account, only that it Buchan> should map your SASL identity to a DN (that need not exist Buchan> in the directory).

So what's the point of having {SASL} in the userPassword then?

No one ever said there was any point to it. Why are you using it if you don't understand what it's for?

And if it wasn't the sasl regexp, shouldn't my auth req DN be:


And that DN don't have any special access, so how come I got
full access to the object(s), and not the anonymous read access
that I expected?

'only that it should map your SASL identity to a DN'... That's
translated into a 'correct' DN by the sasl regexp - which worked... ?

From the sound of it, yes, the SASL regexp worked as it should. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/