
Re: GSSAPI Binds openldap 2.1.12



On Thu, Jan 23, 2003 at 12:08:36AM +0100, Dieter Kluenter wrote:
> Have you ever tested with ldapwhoami ?
> 
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> dieter@marin:/usr/local/bin> ./ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: dieter@AVCI.DE
> SASL SSF: 56
> SASL installing layers
> dn:cn=dieter kluenter,ou=partner,ou=users,o=avci,c=de
> Result: Success (0)
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> 
> If you don't get a positive result, you should double-check
> saslRegexp. By the way, my saslRegexp differs from yours:
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> saslRegexp
>      uid=(.*),cn=GSSAPI,cn=auth
>      ldap:///ou=users,o=avci,c=de??sub?uid=$1 
> saslRegexp
>     uid=(.*),cn=GSSAPI,cn=auth
>     uid=$1,ou=users,o=avci,c=de
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

derek@queasy:/csic/openldap/bin> ./ldapwhoami -Y GSSAPI
SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers
dn:uid=derek,ou=staff,dc=csic,dc=umd,dc=edu
Result: Success (0)

So I think it is authenticating correctly; now my problem is that I don't seem to have
the right permissions.

access to attr=uid,uidNumber,gidNumber,homeDirectory,mailLocalAddress
        by dn="cn=staff,dc=csic,dc=umd,dc=edu"
        by users read
access to attr=loginShell,gecos,cn,mailroutingaddress,mailHost
        by dn="cn=staff,dc=csic,dc=umd,dc=edu"
        by self write
        by users read

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu
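
Added example (not part of the original message, and not OpenLDAP's own code): a small Python model of how the `by` clauses in the two access directives above are checked against the DN that ldapwhoami reports. It assumes `dn=` is compared as an exact DN, normalises DNs only by case and whitespace, and uses a constructed second entry DN.

```python
# Added illustration: simplified model of slapd "by" clause evaluation.
# Assumptions: dn= is compared as an exact DN, DNs are normalised only by
# case and whitespace, and the first matching clause stops evaluation.

def norm(dn):
    """Crude DN normalisation: lowercase, trim spaces around RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# The two access directives from the message. A level of None means the
# clause is written without an access level in the posted config.
ACLS = [
    (("uid", "uidnumber", "gidnumber", "homedirectory", "maillocaladdress"),
     [("dn", "cn=staff,dc=csic,dc=umd,dc=edu", None),
      ("users", None, "read")]),
    (("loginshell", "gecos", "cn", "mailroutingaddress", "mailhost"),
     [("dn", "cn=staff,dc=csic,dc=umd,dc=edu", None),
      ("self", None, "write"),
      ("users", None, "read")]),
]

def who_matches(kind, value, bound_dn, target_dn):
    if kind == "dn":
        return bound_dn is not None and norm(bound_dn) == norm(value)
    if kind == "self":
        return bound_dn is not None and norm(bound_dn) == norm(target_dn)
    if kind == "users":          # any authenticated identity
        return bound_dn is not None
    return False

def evaluate(attr, bound_dn, target_dn):
    """Return (matched clause, level) for one attribute of one entry."""
    for attrs, clauses in ACLS:
        if attr.lower() not in attrs:
            continue
        for kind, value, level in clauses:
            if who_matches(kind, value, bound_dn, target_dn):
                return (kind, level)
        return ("*", "none")     # implicit trailing "by * none"
    return (None, None)          # attribute not covered by these two rules

if __name__ == "__main__":
    me = "uid=derek,ou=staff,dc=csic,dc=umd,dc=edu"       # DN from ldapwhoami
    other = "uid=someone,ou=staff,dc=csic,dc=umd,dc=edu"  # constructed
    for attr, target in [("uidNumber", other), ("loginShell", me),
                         ("loginShell", other)]:
        print(attr, target, "->", evaluate(attr, me, target))
```

In this model the `dn=` clause matches only a client bound as exactly `cn=staff,dc=csic,dc=umd,dc=edu`; the DN that ldapwhoami reports falls through to the `self` or `users` clause.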