[Date Prev][Date Next] [Chronological] [Thread] [Top]

change to SASL authzid



Hello all

   After writing a new chapter for the Admin Guide on SASL authentication
and authorization, it was realized that the choice of using cn=authzid in
the sasl regexp directives in slapd.conf was an inaccurate choice. The
directives are used for both authenication and authorization, so a better
choice would have been simply cn=auth.

   I'm submitting changes to servers/slapd/sasl.c in the HEAD branch to
use cn=auth. 

   This means that if you have been using SASL authentication and
authorization, and have written sasl regexp directives in your slapd.conf
file, you will want to change the search patterns to look for

	uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth

once you begin using a new sasl.c and saslauthz.c


  -Mark Adamson
   Carnegie Mellon