[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question on GSSAPI-authentication

To: "OpenLDAP-software@OpenLDAP.org" <OpenLDAP-software@OpenLDAP.org>
Subject: Question on GSSAPI-authentication
From: Harry Rüter <harry_rueter@gmx.de>
Date: Tue, 27 Aug 2002 16:10:28 +0200

Hi everybody,

i have question on the GSSAPI-implementation
in v2.1.x (or maybe in how SASL/GSSAPI works).

Suppose i have the following access-rule 

---snipp---
access to attr=uid
   by dn="uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth" read
   by self write
   by * read
---snipp---

and the saslregexp :

---snipp---
saslRegexp
  uid=.*,cn=HRNET.DE,cn=GSSAPI,cn=auth
  uid=$1,ou=ldap,o=myorganization,dc=hrnet,dc=de
---snipp---

Now, what happens when ldapreplicator,
who is ldapreplicator@HRNET.DE wants to authenticate ?

Is it :

  ldapreplicator@HRNET.DE
translated to
  uid=ldapreplicator,cn=HRNET.DE,cn=GSSAPI,cn=auth
and then (via saslRegexp) translated to
  uid=ldapreplicator,ou=ldap,o=myorganization,dc=hrnet,dc=de

So ldapreplicator must be an entry in the
directory ?
Which objecttclass doe he have ?

Or is there no need for a directory entry ?
What about the password ?

greets 
Harry

PS.: My questions maybe seems to be foolish,
     but i have a serious problem in understanding how
     authentication via GSSAPI really works.

Follow-Ups:
- Re: Question on GSSAPI-authentication
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Question on GSSAPI-authentication
  - From: Dieter Kluenter <dieter@incode.com>

Prev by Date: Re: newbie question. SASL auth.
Next by Date: RE: "no structuralObjectClass operational attribute" ?
Index(es):
- Chronological
- Thread