[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL / External question
Hi,
Francois Beretti <francois.beretti@enatel.com> writes:
> hello all
>
> I have some question about sasl / external mechanism
>
> As I understand it, thanks to a post from Howard, the authentication dn
> is the dn used in the user certificate
> I also think it can be a modification of this dn by sasl-regexp
>
> But in slapd.conf manpage, in the "sasl-regexp" keyword part,
> it is said that :
> "When an authorization request is received, the SASL USERNAME, REALM,
> and MECHANISM are taken, when available, and combined into a SASL name
> of the form uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
>
> what is this "username" and when is it provided by the user ? How is it
> related to the dn of the certificate ?
If you have a user certificate already, try
ldapwhoami -Y EXTERNAL -ZZ
and you will see your SASL username.
>
> must the dn of the cert be of the form
> "uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth"
> in order to get the "external" mechanism to be used ?
No, the dn of the certificate should be in the form of your DIT
entry, so the certificate DN can be mapped to the appropriate entry.
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour