
Re: olcAuthzRegexp not matching



On 05/06/2015 01:05 PM, Brendan Kearney wrote:
On 05/06/2015 12:39 PM, Quanah Gibson-Mount wrote:


--On May 6, 2015 at 12:14:35 PM -0400 brendan kearney <bpk678@gmail.com>
wrote:


Will have to check.  Right now I only have the sync loglevel turned
on.  I assume something like the stats loglevel would show that?

Correct.

conn=2838 op=3 BIND authcid="imap/test.bpk2.com@BPK2.COM"
authzid="imap/test.bpk2.com@BPK2.COM"

conn=2838 op=3 BIND
dn="uid=imap/test.bpk2.com,ou=domainusers,ou=users,dc=bpk2,dc=com"
mech=GSSAPI sasl_ssf=56 ssf=56

vs

conn=2837 op=3 BIND dn="cn=server2,ou=computers,dc=bpk2,dc=com"
mech=GSSAPI sasl_ssf=56 ssf=56

conn=2837 op=3 BIND authcid="host/server2.bpk2.com@BPK2.COM"
authzid="host/server2.bpk2.com@BPK2.COM"

found it...

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761407

i needed to restart slapd to pick up the newly added mappings.

[root@test dovecot]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: imap/test.bpk2.com@BPK2.COM

Valid starting       Expires              Service principal
05/06/2015 14:19:20  05/07/2015 14:19:20  krbtgt/BPK2.COM@BPK2.COM
	renew until 05/13/2015 14:19:20

[root@test dovecot]# ldapwhoami -h server1
SASL/GSSAPI authentication started
SASL username: imap/test.bpk2.com@BPK2.COM
SASL SSF: 56
SASL data security layer installed.
dn:uid=mda,ou=processusers,ou=users,dc=bpk2,dc=com

and

[root@test postfix]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: smtp/test.bpk2.com@BPK2.COM

Valid starting       Expires              Service principal
05/06/2015 14:22:28  05/07/2015 14:22:28  krbtgt/BPK2.COM@BPK2.COM
	renew until 05/13/2015 14:22:28

[root@test postfix]# ldapwhoami -h server2
SASL/GSSAPI authentication started
SASL username: smtp/test.bpk2.com@BPK2.COM
SASL SSF: 56
SASL data security layer installed.
dn:uid=mta,ou=processusers,ou=users,dc=bpk2,dc=com

thanks,

brendan
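
The check discussed in this thread can be done offline from the stats log. The following is an added example, not part of the original message or of OpenLDAP: it pairs each SASL `BIND authcid=` line with the `BIND dn=` line for the same conn/op and compares the result with the DN each principal should map to. The expected mappings are taken from the `ldapwhoami` output above; the conn=2901 log lines are constructed, the function names are hypothetical, and the DN comparison is a simple case-insensitive string match.

```python
import re

# Expected principal -> DN, taken from the ldapwhoami output in the thread.
EXPECTED = {
    "imap/test.bpk2.com@BPK2.COM": "uid=mda,ou=processusers,ou=users,dc=bpk2,dc=com",
    "smtp/test.bpk2.com@BPK2.COM": "uid=mta,ou=processusers,ou=users,dc=bpk2,dc=com",
}

# Sample input: conn=2838 uses the values quoted in the thread (joined onto
# one line each); conn=2901 is constructed to show the bind after the restart.
SAMPLE_LOG = """\
conn=2838 op=3 BIND authcid="imap/test.bpk2.com@BPK2.COM" authzid="imap/test.bpk2.com@BPK2.COM"
conn=2838 op=3 BIND dn="uid=imap/test.bpk2.com,ou=domainusers,ou=users,dc=bpk2,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
conn=2901 op=3 BIND dn="uid=mda,ou=processusers,ou=users,dc=bpk2,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
conn=2901 op=3 BIND authcid="imap/test.bpk2.com@BPK2.COM" authzid="imap/test.bpk2.com@BPK2.COM"
"""

# search() is used so a syslog prefix in front of "conn=" does not matter.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND (authcid|dn)="([^"]*)"')

def pair_binds(log_text):
    """Group authcid and dn by (conn, op); the two lines may come in either order."""
    binds = {}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            conn, op, field, value = m.groups()
            binds.setdefault((int(conn), int(op)), {})[field] = value
    return binds

def audit(log_text, expected=EXPECTED):
    """Return (conn, authcid, dn, status) for every SASL bind that has both fields."""
    findings = []
    for (conn, _op), bind in sorted(pair_binds(log_text).items()):
        authcid, dn = bind.get("authcid"), bind.get("dn")
        if authcid is None or dn is None:
            continue  # simple bind, or the matching line is missing from the log
        want = expected.get(authcid)
        if want is None:
            status = "unlisted"   # principal has no expected mapping on file
        elif dn.lower() == want.lower():
            status = "ok"
        else:
            status = "mismatch"   # a different rule (or a stale rule set) matched
        findings.append((conn, authcid, dn, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="  ")
```
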