
RE: SOLVED Re[4]: SASL MD5 - another try



You might try to put something like that:
	sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
		ldap:///node=33(10),ou=users,dc=startatom,dc=ru??sub?(uid=$1)

Have a good time,
Andrey Nepomnyaschih

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Alexander Lunyov
Sent: Friday, July 18, 2003 5:39 PM
To: openldap-software@OpenLDAP.org
Subject: SOLVED Re[4]: SASL MD5 - another try


Hello Dieter,

Friday, July 18, 2003, 2:45:19 PM, you wrote:

>> >>     How to store secrets in LDAP?
>> DK> You may use ldappasswd, or create an *.ldif file, or use a 
>> DK> graphical tool like GQ or Ldapbrowser.
>>     No, I mean how to store SASL secrets in LDAP DB? Maybe I should do
>>     some configuration over SASL?
DK> It just struck my mind, that your problem might be a sasl realm. As 
DK> default, sasl takes host.domain.tld as realm, unless defined 
DK> otherwise. Could you test with the cyrus-sasl test suite, if the 
DK> sasl authentication string contains the sasl-realm you provide in
DK> your saslRegexp?

    Bingo! You're a genius! It's authorising me! Finally!

    It works with regexp

sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
    uid=$1,node=33(10),ou=users,dc=startatom,dc=ru

    Now next question - how can I modify this regexp, so not only
    users that are attached to node=33(10) can authorise? I've tried to
    put it like

sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
    uid=$1,node=(.*),ou=users,dc=startatom,dc=ru

    ...but I get a "user not found" error here. I don't want to store all
    users in one 'node' or 'ou'. How should I fix this one?

-- 
Best regards,
 Alexander                            mailto:lan_mailing@startatom.ru
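
Added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how a sasl-regexp rule maps the DIGEST-MD5 authentication DN, showing why a literal node=(.*) in the replacement finds no user while the LDAP-URL search form does. The directory entries, node=34(11), the uid "dup" and the search base ou=users,dc=startatom,dc=ru are assumptions made for the example; slapd accepts a URL search only when it returns exactly one entry, which the model reproduces.

```python
import re

# Constructed sample directory (DN -> uid); not data from the thread.
DIRECTORY = {
    "uid=alex,node=33(10),ou=users,dc=startatom,dc=ru": "alex",
    "uid=olga,node=34(11),ou=users,dc=startatom,dc=ru": "olga",
    "uid=dup,node=33(10),ou=users,dc=startatom,dc=ru": "dup",
    "uid=dup,node=34(11),ou=users,dc=startatom,dc=ru": "dup",
}

GREEDY = r"uid=(.*),cn=DIGEST-MD5,cn=auth"      # pattern used in the thread
STRICT = r"uid=([^,]*),cn=DIGEST-MD5,cn=auth"   # capture stops at the first comma
BASE = "ou=users,dc=startatom,dc=ru"            # assumed parent of every node= entry

NODE_RULE = "uid=$1,node=33(10),ou=users,dc=startatom,dc=ru"  # works, one node only
WILD_RULE = "uid=$1,node=(.*),ou=users,dc=startatom,dc=ru"    # attempt from the thread
URL_RULE = "ldap:///" + BASE + "??sub?(uid=$1)"               # search below BASE


def map_authc_dn(authc_dn, pattern, replacement):
    """Model of one sasl-regexp rule: return the mapped DN, or None if auth fails."""
    m = re.fullmatch(pattern, authc_dn)
    if m is None:
        return None
    target = replacement.replace("$1", m.group(1))
    if not target.startswith("ldap:///"):
        # Plain DN form: the replacement is a literal DN, never a pattern,
        # so "node=(.*)" names an entry that does not exist.
        return target if target in DIRECTORY else None
    # URL form: ldap:///base?attrs?scope?filter
    base, _attrs, scope, flt = target[len("ldap:///"):].split("?", 3)
    fm = re.fullmatch(r"\(uid=(.*)\)", flt)
    if scope != "sub" or fm is None:
        return None  # the model covers only subtree scope and a (uid=...) filter
    hits = [dn for dn, uid in DIRECTORY.items()
            if dn.endswith("," + base) and uid == fm.group(1)]
    # Zero or several matches both fail the mapping.
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for user in ("alex", "olga", "dup"):
        dn = "uid=%s,cn=DIGEST-MD5,cn=auth" % user
        for name, rule in (("node", NODE_RULE), ("wild", WILD_RULE), ("url", URL_RULE)):
            print(user, name, map_authc_dn(dn, STRICT, rule))
```

A uid that exists under more than one node fails the URL mapping, so uids must be unique below the search base. The greedy (.*) also swallows a realm component such as cn=startatom.ru when the client sends one, which is the realm mismatch discussed in the quoted message.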