Changes 2.0.x -> 2.1.x
Hi List,
I'm trying to find out whether I can migrate my 2.0.25 server to the
new version 2.1.2.
I now want to use the SASL enhancements in 2.1.2.
First, my environment:
Suse LINUX 7.1, Kernel 2.4.18
MIT Kerberos 1.2.5
CYRUS SASL 1.5.27
I noticed some differences.
In 2.0.25 I use the following entry in slapd.conf:
    updatedn "uid=ldapreplicator\+realm=HRNET.DE"
Now, 2.1.2 doesn't like this anymore and shows an
error message: "line 49: updatedn DN is invalid"
So I tried out the following:
    updatedn "uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth"
Is this correct, and does it mean the same?
By the way, the documentation doesn't tell too much about
this kind of "authentication" syntax.
Would the keywords "SASL", "KERBEROS_V4" and "KERBEROS_V5" be
correct instead of "GSSAPI"?
In the access statements I use the following syntax
in 2.0.25:
    access to attr=uid
        by dn="uid=ldapreplicator.\+realm=HRNET.DE" write
        by dn="uid=admin,dc=hrnet,dc=de" read
        by anonymous search
        by * none
Is this okay, or do I have to use another syntax
(because the updatedn syntax changed)?
I am thinking of another way:
ldapreplicator@HRNET.DE exists as a principal in
KERBEROS-V.
Now, let's say "ldapreplicator" would be in the "dit" as
"uid=ldapreplicator,cn=hrnet,cn=de".
If I would try to authenticate via KERBEROS I could use
the new saslRegexp this way:
    saslRegexp
        uid=ldapreplicator,cn=hrnet.de,cn=KERBEROS_V5,cn=auth
        uid=ldapreplicator,cn=hrnet,cn=de
If I'd like to authenticate via SASL, would I
change "cn=KERBEROS_V5" to "cn=SASL"?
Generally, is there more documentation about
SASL, GSSAPI etc. than in chapter 9 of the
"Administrator's guide ...", and if so, where can I find it?
greets to the list
Harry
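
The saslRegexp idea in the message above, as an added example that is not part of the original post and is not slapd's own code: a small Python emulation of a match/replace rule with $1 substitution. It assumes the request DN layout of the post's second updatedn attempt (uid=...,cn=<realm>,cn=<mechanism>,cn=auth); the rule set and the function names are hypothetical.

```python
import re

# Constructed rule in saslRegexp style: (match pattern, replacement).
# Realm and mechanism are pinned and the pattern is anchored, so only a
# GSSAPI-authenticated identity from HRNET.DE maps to a directory entry.
RULES = [
    (r"^uid=([^,]+),cn=hrnet\.de,cn=gssapi,cn=auth$", "uid=$1,cn=hrnet,cn=de"),
]


def tidy(dn):
    """Strip spaces around RDNs (naive: ignores escaped commas)."""
    return ",".join(part.strip() for part in dn.split(","))


def map_sasl_dn(auth_dn, rules=RULES):
    """Return the directory DN for a SASL request DN, or None if no rule matches."""
    dn = tidy(auth_dn)
    for pattern, replacement in rules:
        m = re.match(pattern, dn, re.IGNORECASE)
        if m:
            # Replace each $N placeholder with the Nth captured group.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


if __name__ == "__main__":
    # Constructed sample request DNs, modelled on the ones in the post.
    samples = [
        "uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth",
        "uid=ldapreplicator,cn=HRNET.DE,cn=DIGEST-MD5,cn=auth",
        "uid=ldapreplicator,cn=OTHER.REALM,cn=GSSAPI,cn=auth",
    ]
    for s in samples:
        print(s, "->", map_sasl_dn(s))
```

Identities that match no rule come back as None here, which models leaving them unmapped instead of letting them inherit the replicator entry's write access.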