Re: (ITS#3396) slapd crash during SASL Canonicalize
It's not crashing anymore, but it doesn't seem to be properly converting
the principal either:
Nov 16 13:41:34 husky slapd[5285]: conn=4 op=3 BIND authcid="digant@CEDAR.UTA.EDU"
Nov 16 13:41:34 husky slapd[5285]: conn=4 op=3 BIND dn="uid=digant,cn=cedar.uta.edu,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
On Tue, 2004-11-16 at 12:04, ando@sys-net.it wrote:
> >> sasl-secprops none
> >> sasl-realm "CEDAR.UTA.EDU"
> >> sasl-host husky.cedar.uta.edu
> >> sasl-regexp uid=service/nss/(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
> >> ldaps:///cn=$1,cn=nss,cn=services,dc=uta,dc=edu
> >> sasl-regexp uid=service/(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
> >> ldaps:///cn=$1,cn=services,dc=uta,dc=edu
> >> sasl-regexp uid=(.*),cn=CEDAR.UTA.EDU,cn=gssapi,cn=auth
> >> ldaps:///uid=$1,cn=accounts,dc=uta,dc=edu
> >
> > I think I've found the problem, which could be related to a bug in authz
> > mapping in slapd. I'll fix it in a moment in HEAD; but it can be easily
> > worked around by changing your sasl-regexp directives. Please try the
> > following and report the result:
> >
> > sasl-regexp "^uid=service/nss/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> > "dn:cn=$1,cn=nss,cn=services,dc=uta,dc=edu"
> > sasl-regexp "^uid=service/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> > "dn:cn=$1,cn=services,dc=uta,dc=edu"
> > sasl-regexp "^uid=(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> > "dn:uid=$1,cn=accounts,dc=uta,dc=edu"
>
> Or, if for any reason you want the internal search to occur, use a
> complete filter definition in the URIs, i.e. something like
>
> sasl-regexp "^uid=service/nss/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "ldap:///cn=$1,cn=nss,cn=services,dc=uta,dc=edu??base?(objectClass=*)"
> sasl-regexp "^uid=service/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "ldap:///cn=$1,cn=services,dc=uta,dc=edu??base?(objectClass=*)"
> sasl-regexp "^uid=(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$"
> "ldap:///uid=$1,cn=accounts,dc=uta,dc=edu??base?(objectClass=*)"
>
> p.
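
To check offline which of the anchored `sasl-regexp` rules quoted above a given authentication DN would hit, the following added example (not part of the original thread and not slapd's own code) emulates first-match-wins evaluation with `$1` substitution. It assumes case-insensitive matching; `map_authc_dn` is a hypothetical helper name and the service DN is constructed for illustration.

```python
import re

# The three anchored rules from the quoted workaround, in configuration order.
RULES = [
    (r"^uid=service/nss/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$",
     "dn:cn=$1,cn=nss,cn=services,dc=uta,dc=edu"),
    (r"^uid=service/(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$",
     "dn:cn=$1,cn=services,dc=uta,dc=edu"),
    (r"^uid=(.*),cn=CEDAR\.UTA\.EDU,cn=gssapi,cn=auth$",
     "dn:uid=$1,cn=accounts,dc=uta,dc=edu"),
]

# Authentication DN exactly as it appears in the slapd log line above.
LOGGED_DN = "uid=digant,cn=cedar.uta.edu,cn=gssapi,cn=auth"
# Constructed sample: a service principal on the host named in sasl-host.
SERVICE_DN = "uid=service/nss/husky.cedar.uta.edu,cn=cedar.uta.edu,cn=gssapi,cn=auth"


def map_authc_dn(authc_dn, rules=RULES, ignore_case=True):
    """Return (rule_index, mapped_value) for the first matching rule,
    or (None, authc_dn) when no rule matches and the DN stays unmapped."""
    flags = re.IGNORECASE if ignore_case else 0  # assumption: slapd ignores case
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, authc_dn, flags)
        if match:
            # Expand $1..$9 with the captured groups; the rest is literal.
            mapped = re.sub(r"\$(\d)",
                            lambda ref: match.group(int(ref.group(1))),
                            replacement)
            return index, mapped
    return None, authc_dn


if __name__ == "__main__":
    print("logged DN      ->", map_authc_dn(LOGGED_DN))
    print("service DN     ->", map_authc_dn(SERVICE_DN))
    # The catch-all rule listed first would swallow service principals.
    print("reversed order ->", map_authc_dn(SERVICE_DN, RULES[::-1]))
    # Under case-sensitive matching the lowercased realm hits no rule.
    print("case-sensitive ->", map_authc_dn(LOGGED_DN, ignore_case=False))
```

If the mapped value printed for the logged DN differs from what slapd reports after the bind, the difference lies in rule loading or matching inside slapd rather than in the patterns themselves.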