Question on GSSAPI-authentication
Hi everybody,
I have a question on the GSSAPI implementation
in v2.1.x (or maybe in how SASL/GSSAPI works).
Suppose I have the following access rule
---snipp---
access to attr=uid
    by dn="uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth" read
    by self write
    by * read
---snipp---
and the saslRegexp:
---snipp---
saslRegexp
    uid=(.*),cn=HRNET.DE,cn=GSSAPI,cn=auth
    uid=$1,ou=ldap,o=myorganization,dc=hrnet,dc=de
---snipp---
Now, what happens when ldapreplicator,
who is ldapreplicator@HRNET.DE, wants to authenticate?
Is it:
ldapreplicator@HRNET.DE
translated to
uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth
and then (via saslRegexp) translated to
uid=ldapreplicator,ou=ldap,o=myorganization,dc=hrnet,dc=de
So ldapreplicator must be an entry in the
directory?
Which objectclass does he have?
Or is there no need for a directory entry?
What about the password?
greets
Harry
P.S.: My questions may seem foolish,
but I have a serious problem understanding how
authentication via GSSAPI really works.
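
The two-step mapping asked about above, and which `by` clause of the posted access rule then applies, as an added example that is not part of the original post and not OpenLDAP code. It is a simplified Python model: the function names, the lower-casing normalization, the unanchored match and the `uid=someone` entry are assumptions made here, and the pattern has the uid value in parentheses so that `$1` is defined.

```python
import re

def norm(dn):
    # Simplification (assumption): case-insensitive compare, spaces around commas ignored.
    return ",".join(part.strip().lower() for part in dn.split(","))

def sasl_request_dn(principal, mech="GSSAPI"):
    # ldapreplicator@HRNET.DE -> uid=ldapreplicator,cn=hrnet.de,cn=gssapi,cn=auth
    user, realm = principal.split("@", 1)
    return norm(f"uid={user},cn={realm},cn={mech},cn=auth")

def apply_sasl_regexp(dn, rules):
    # The first rule whose pattern is found in the DN produces the new DN;
    # $1..$9 in the replacement stand for the pattern's capture groups.
    for pattern, replacement in rules:
        m = re.search(pattern, dn, re.IGNORECASE)
        if m:
            expand = lambda g: m.group(int(g.group(1)))
            return norm(re.sub(r"\$(\d)", expand, replacement))
    return dn  # no rule matched: the request DN stays as it is

def first_matching_by(bound_dn, target_dn, by_clauses):
    # Evaluation stops at the first "by" clause whose <who> matches.
    for who, access in by_clauses:
        if who == "*":
            return who, access
        if who == "self" and norm(target_dn) == bound_dn:
            return who, access
        if who != "self" and norm(who) == bound_dn:
            return who, access
    return None, "none"

RULES = [(r"uid=(.*),cn=HRNET.DE,cn=GSSAPI,cn=auth",
          "uid=$1,ou=ldap,o=myorganization,dc=hrnet,dc=de")]
ACL = [("uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth", "read"),
       ("self", "write"), ("*", "read")]

def demo():
    request_dn = sasl_request_dn("ldapreplicator@HRNET.DE")
    mapped_dn = apply_sasl_regexp(request_dn, RULES)
    other = "uid=someone,ou=ldap,o=myorganization,dc=hrnet,dc=de"  # constructed
    return {"request_dn": request_dn, "mapped_dn": mapped_dn,
            "unmapped_on_other": first_matching_by(request_dn, other, ACL),
            "mapped_on_other": first_matching_by(mapped_dn, other, ACL),
            "mapped_on_own": first_matching_by(mapped_dn, mapped_dn, ACL)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

In this model the `by dn="uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth"` clause matches only while no saslRegexp rewrites the identity; once the rewrite applies, the session is evaluated under the mapped DN and falls through to `by self` or `by *`.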