[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL Proxy Authorization

I able to resolve it. Thanks for info.


On Tue, Jun 25, 2013 at 7:49 PM, Dan White <dwhite@olp.net> wrote:
On 06/25/13 18:04 +0530, Vishesh kumar wrote:
Hi Members,

I am trying to get SASL Proxy Authorization in work. GSSAPI authentication
is already in place
++++++++++++

SASL/GSSAPI authentication started
SASL username: admin@LINUXMANTRA.LOCAL
SASL SSF: 56
SASL data security layer installed.
dn:uid=admin,cn=gssapi,cn=auth
++++++++++++++++++++++++++

Do you actually have an entry of uid=admin,cn=gssapi,cn=auth in your tree?
If not, it should map to an actual entry (with authz-regexp), if you are
using authzTo for proxy auth.


But following command giving error
ldapsearch -d 1 -Y GSSAPI -X "uid=vishesh,dc=linuxmantra,dc=local"
-b"dc=linuxmantra,dc=local" -s base

Your -X option should be "dn:uid=vishesh,dc=linuxmantra,dc=local". See the
manpage for ldapsearch, and chapter 15 of the Admin Guide on the website.


I already mentioned "authzTo: dn:uid=vishesh,dc=linuxmantra,dc=local" for
admin DN.

--
Dan White



--
http://linuxmantra.com