Re: ACL's for SASL compat.
At 04:35 PM 10/6/00 -0400, Marc Heckmann wrote:
>I get a "Can't contact ldap server" error
That's a bug which I'm working on fixing... disable layers
to work around (e.g.: -O maxbufsize=0).
>here is the trace:
>
>Oct 6 16:31:49 schoenberg slapd[9297]: do_bind
>Oct 6 16:31:49 schoenberg slapd[9297]: do_sasl_bind: dn () mech DIGEST-MD5
>Oct 6 16:31:50 schoenberg slapd[9297]: SASL Authorize [conn=1]: "testuser" as "u:testuser"
>Oct 6 16:31:50 schoenberg slapd[9297]: slap_sasl_bind: username="u:testuser" realm="schoenberg" ssf=128
>Oct 6 16:31:50 schoenberg slapd[9297]: <== slap_sasl_bind: authzdn: "uid=testuser + realm=schoenberg"
Your authzdn (subject DN) is "uid=testuser + realm=schoenberg",
so your ACLs should be designed to match the normalized subject DN
of "uid=testuser+realm=schoenberg" (note that the + is a regex special
character), for example:

    access to * by dn="uid=.+\+realm=schoenberg" read

Kurt
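
Added example, not part of the original message or of OpenLDAP: it takes the authzdn from the trace above, normalizes it, and shows which DNs the ACL regex from the reply accepts compared with the same DN pasted in with the + left unescaped. Assumptions: Python's re stands in for slapd's regex matching, normalization is reduced to stripping spaces around + and ",", and the "anchored" pattern and the extra candidate DNs are constructed for illustration.

```python
import re

# Trace line copied from the message above.
LOG_LINE = ('Oct 6 16:31:50 schoenberg slapd[9297]: <== slap_sasl_bind: '
            'authzdn: "uid=testuser + realm=schoenberg"')


def authzdn_from_log(line):
    """Return the quoted authzdn value from a slap_sasl_bind trace line."""
    m = re.search(r'authzdn: "([^"]*)"', line)
    if m is None:
        raise ValueError("no authzdn in line")
    return m.group(1)


def normalize_dn(dn):
    """Simplified normalization (assumption): drop spaces around '+' and ','."""
    return re.sub(r'\s*([+,])\s*', r'\1', dn.strip())


def acl_matches(pattern, dn):
    """Unanchored search; assumed to mirror how slapd applies a dn regex."""
    return re.search(pattern, dn) is not None


SUBJECT = normalize_dn(authzdn_from_log(LOG_LINE))

PATTERNS = {
    "page":      r'uid=.+\+realm=schoenberg',        # from the reply above
    "unescaped": r'uid=testuser+realm=schoenberg',   # DN pasted in as a regex
    "anchored":  r'^uid=[^,+]+\+realm=schoenberg$',  # hypothetical tighter form
}

# Constructed DNs to show what each pattern accepts.
CANDIDATES = [
    SUBJECT,
    "uid=testuserrealm=schoenberg",
    "uid=testuser+realm=schoenberg2",
]


def evaluate():
    """Map each pattern name to the list of candidate DNs it matches."""
    return {name: [dn for dn in CANDIDATES if acl_matches(rx, dn)]
            for name, rx in PATTERNS.items()}


if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:10} {hits}")
```

The unescaped form does not match the subject DN at all (r+ means "one or more r"), and the unanchored pattern also accepts a DN whose realm merely starts with "schoenberg".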