[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: GSSAPI Binds openldap 2.1.12
On Thu, Jan 23, 2003 at 12:08:36AM +0100, Dieter Kluenter wrote:
> Have you ever tested with ldapwhoami ?
>
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> dieter@marin:/usr/local/bin> ./ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: dieter@AVCI.DE
> SASL SSF: 56
> SASL installing layers
> dn:cn=dieter kluenter,ou=partner,ou=users,o=avci,c=de
> Result: Success (0)
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>
> If you don't get a positive result, you should doublecheck
> saslRegexp. By the way, my saslRegexp differs from yours
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> saslRegexp
> uid=(.*),cn=GSSAPI,cn=auth
> ldap:///ou=users,o=avci,c=de??sub?uid=$1
> saslRegexp
> uid=(.*),cn=GSSAPI,cn=auth
> uid=$1,ou=users,o=avci,c=de
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
derek@queasy:/csic/openldap/bin> ./ldapwhoami -Y GSSAPI
SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers
dn:uid=derek,ou=staff,dc=csic,dc=umd,dc=edu
Result: Success (0)
So I think it is authenticating correctly, now my problem is that I don't seem to have
the right permissions.
access to attr=uid,uidNumber,gidNumber,homeDirectory,mailLocalAddress
by dn="cn=staff,dc=csic,dc=umd,dc=edu"
by users read
access to attr=loginShell,gecos,cn,mailroutingaddress,mailHost
by dn="cn=staff,dc=csic,dc=umd,dc=edu"
by self write
by users read
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek@cs.umd.edu