Re: sasl-regexp problems in 2.1.22 (bug found in servers/slapd/saslauthz.c:slap_parseURI())
- To: openldap-software@OpenLDAP.org
- Subject: Re: sasl-regexp problems in 2.1.22 (bug found in servers/slapd/saslauthz.c:slap_parseURI())
- From: Dieter Kluenter <dieter@dkluenter.de>
- Date: Fri, 01 Aug 2003 19:56:33 +0200
- In-reply-to: <87d6ftfrb7.fsf@papadoc.bayour.com> (Turbo Fredriksson's message of "29 Jul 2003 14:30:52 +0200")
- References: <87d6ftfrb7.fsf@papadoc.bayour.com>
- User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)
Hi,
Turbo Fredriksson <turbo@bayour.com> writes:
> I'm running 2.1.22 on my test system at home, but it
> seems like I'm having trouble with the sasl-regexp.
>
> ----- s n i p -----
> sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
>     ldap://127.0.0.1:389/c=SE??sub?(krb5PrincipalName=$1@BAYOUR.COM)
> [...]
> access to attrs=uid,cn,accountStatus,uidNumber,gidNumber,gecos,homeDirectory,loginShell,krb5PrincipalName,dc,o,ou,objectClass,entry
>     by aci write
>     by domain=.*\.bayour\.com read
>     by peername="IP=127\.0\.0\.1:.*" read
> [...]
> access to *
>     by dn="cn=Turbo Fredriksson,ou=People,o=Fredriksson,c=SE" write
>     by aci write
>     by * none
> ----- s n i p -----
>
> To make this work, I think I have to make the krb5PrincipalName
> readable to anonymous (?).
Why do you want to use krb5PrincipalName? Is there a particular
reason?
My saslRegexp maps uid to krb5 principal.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
saslRegexp
    uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
    ldap:///o=avci,c=de??sub?uid=$1
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-.-.-.-.-.-.-.-.-.-.-.-.-.
dieter@marin:~> ldapwhoami
SASL/GSSAPI authentication started
SASL username: dieter@AVCI.DE
SASL SSF: 56
SASL installing layers
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
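
The mapping that both rules in this thread describe, sketched as an added example (not code from the post or from OpenLDAP): the authentication DN is matched against the pattern, `$1` is substituted into the LDAP URI, and the URI is split into the search it stands for. Python's `re` stands in for slapd's regex matching, the authentication DNs are constructed samples in the `uid=<user>,cn=<realm>,cn=gssapi,cn=auth` form, and case-insensitive whole-DN matching is an assumption of this sketch.

```python
import re
from urllib.parse import unquote

def rewrite(authc_dn, pattern, replacement):
    """Apply one sasl-regexp rule; return the rewritten string or None."""
    # Assumption of this sketch: case-insensitive match over the whole DN.
    m = re.fullmatch(pattern, authc_dn, flags=re.IGNORECASE)
    if m is None:
        return None
    # Replace $1..$9 with the corresponding captured group.
    return re.sub(r"\$([1-9])", lambda g: m.group(int(g.group(1))), replacement)

def parse_ldap_uri(uri):
    """Split ldap://host/base?attrs?scope?filter into the parts of a search."""
    scheme, sep, rest = uri.partition("://")
    if scheme.lower() != "ldap" or not sep:
        raise ValueError("not an ldap:// URI: %r" % uri)
    host, _, tail = rest.partition("/")
    fields = [unquote(f) for f in tail.split("?")] + [""] * 4
    base, _attrs, scope, filt = fields[:4]
    # LDAP URL defaults: scope "base", filter "(objectClass=*)".
    return {"host": host, "base": base,
            "scope": scope or "base", "filter": filt or "(objectClass=*)"}

def map_authc_dn(authc_dn, pattern, replacement):
    """Return the search that the rule turns authc_dn into, or None."""
    target = rewrite(authc_dn, pattern, replacement)
    return None if target is None else parse_ldap_uri(target)

# The two rules quoted in the thread.
TURBO = (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
         "ldap://127.0.0.1:389/c=SE??sub?(krb5PrincipalName=$1@BAYOUR.COM)")
DIETER = (r"uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth",
          "ldap:///o=avci,c=de??sub?uid=$1")

if __name__ == "__main__":
    # Constructed sample authentication DNs.
    for dn, rule in [("uid=turbo,cn=bayour.com,cn=gssapi,cn=auth", TURBO),
                     ("uid=dieter,cn=avci.de,cn=gssapi,cn=auth", DIETER),
                     ("uid=dieter,cn=example.org,cn=gssapi,cn=auth", DIETER)]:
        print(dn, "->", map_authc_dn(dn, *rule))
```

The `filter` field of each result shows which attribute the rule searches on: `krb5PrincipalName` for the first rule, `uid` for the second.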