[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: saslAuthz{To|From}

To: Kurt@OpenLDAP.org
Subject: RE: saslAuthz{To|From}
From: Luke Howard <lukeh@PADL.COM>
Date: Wed, 17 Dec 2003 01:00:50 +1100
Cc: hyc@highlandsun.com, ando@sys-net.it, openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
References: <200312161304.AAA09155@au.padl.com> <6.0.0.22.0.20031216053656.0457c3f0@127.0.0.1>
Versions: dmail (bsd44) 2.4c/makemail 2.9d

>Hence, the general, auto dnauthzid form could be simply
>        uid=userid,cn=MECH,cn=auth

This would make sense.

FWIW, when I authenticate from a non-local Kerberos realm (off.padl.com)
to a slapd in the local realm (dsg.padl.com) the authorization DN looks
like:

	uid=lukeh@off.padl.com,cn=dsg.padl.com,cn=gss-spnego,cn=auth

So I can't see what value "cn=dsg.padl.com" adds as it is always the same.

Anyway, I've changed my regex rules now so I don't mind if it stays
the same :-)

-- Luke

References:
- RE: saslAuthz{To|From}
  - From: Luke Howard <lukeh@PADL.COM>
- RE: saslAuthz{To|From}
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: saslAuthz{To|From}
Next by Date: RE: saslAuthz{To|From}
Index(es):
- Chronological
- Thread