RE: sasl UID mapping



> -----Original Message-----
> From: Paul Jakma [mailto:paul@clubi.ie]

> On Sun, 11 Jan 2004, Howard Chu wrote:

> Ok, I've upgraded to 2.1, and still do not seem to have SASL DN
> remapping working:
>
> Jan 18 01:55:46 hibernia slapd[5781]: <= ldbm_back_group:
> "uid=paul,cn=jakma.org,cn=gssapi,cn=auth" not in
> "cn=ldapadmins,ou=ldapgroups,dc=jakma,dc=org": member
>
> Here is what I have in the global section of my slapd.conf:
>
> sasl-regexp
>  uid=(.*),cn=(.*),cn=gssapi,cn=auth
>  ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2
> sasl-regexp
>  uid=(.*),cn=gssapi,cn=auth
>  ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org

> What am I doing wrong??

Pulling out my handy crystal ball, I see that your ACLs prevent this from
succeeding.

But seriously, turn up debugging, then look at the sequence of events in the
actual SASL name mapping. It will tell you what it's doing. We can't see what
it's doing from out here, and asking people to guess blindly is not
productive.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
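
The mapping sequence discussed in this thread, as an added example (not code from the original messages or from OpenLDAP): a simplified Python model that applies the two quoted sasl-regexp rules to the DN from the log line and shows the search they produce. First-match-wins evaluation, unanchored case-insensitive matching and all helper names are assumptions of this model.

```python
import re
from urllib.parse import unquote

# The two sasl-regexp rules quoted in the message, in slapd.conf order.
RULES = [
    (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2"),
    (r"uid=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org"),
]

def map_sasl_dn(authc_dn, rules=RULES):
    """Return (rule_index, rewritten_url) for the first matching rule, or None.

    Simplified model (assumption): first match wins, $n becomes capture group n.
    """
    for index, (pattern, template) in enumerate(rules):
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            url = re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), template)
            return index, url
    return None

def split_search_url(url):
    """Split ldap:///base?attrs?scope?filter into its search parameters."""
    if not url.startswith("ldap:///"):
        raise ValueError("not a search URL: " + url)
    parts = url[len("ldap:///"):].split("?")
    parts += [""] * (4 - len(parts))          # pad missing trailing fields
    base, _attrs, scope, filt = (unquote(p) for p in parts[:4])
    if filt and not filt.startswith("("):
        filt = "(" + filt + ")"               # parenthesize for command-line use
    return {"base": base, "scope": scope or "base",
            "filter": filt or "(objectClass=*)"}

def ldapsearch_command(search):
    """Build a manual query for counting the entries the mapping search matches."""
    return ["ldapsearch", "-x", "-b", search["base"],
            "-s", search["scope"], search["filter"]]

if __name__ == "__main__":
    dn = "uid=paul,cn=jakma.org,cn=gssapi,cn=auth"   # DN from the quoted log line
    index, url = map_sasl_dn(dn)
    print("rule", index + 1, "->", url)
    print(" ".join(ldapsearch_command(split_search_url(url))))
```

A mapping search that returns zero entries or more than one leaves the connection bound as the original cn=auth DN, which is the DN shown in the quoted log line.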