
Re: dn.regex issue



Hi,

"Dr. Lars Hanke" <lars@lhanke.de> writes:

> Hi,
>
> I'm currently trying to set up SASL ldapdb authentication for use with IMAP and 
> SMTP. I'm clinging to various posts referring to and the article in Linux 
> Magazin 01/05 from Dieter Klünter.
>
> Obviously, something is wrong with my dn.regex in the saslAuthzTo attribute. 
> The details:
>
> ## What's the saslAuthzTo: attribute:
> ldapmodify -D 'cn=admin,dc=mgr' -x -W
> Enter LDAP Password:
> dn: cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr
> saslAuthzTo: dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
> modifying entry "cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr"
>
> ## What's failing (slapd -d 1):
> ===>slap_sasl_match: comparing DN cn=foo test,ou=mailbox,dc=uac,dc=mgr to rule 
> dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
> slap_parseURI: parsing dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
> ldap_url_parse_ext(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr)
> >>> dnNormalize: <dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr>
> => ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)
> <= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
> <===slap_sasl_match: comparison returned 21
> <==slap_sasl_check_authz: saslAuthzTo check returning 48
> <== slap_sasl_authorized: return 48
> SASL Authorize [conn=6]:  authorization disallowed (48)
> SASL [conn=6] Failure: not authorized

It is not the expansion of a regex but an authorization problem,
please check the access rules.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53