
RE: Trying to get the ldapdb plugin working.



Hi, 
Thanks for the input. I got another question. 

I got multivalue uids that all have the form username_domain_com and
username@domain.com. 

When I try to use these values it seems that the _domain_com part is
removed from the userid. Here's an excerpt from the log:

Oct  9 10:20:17 elprinsessekaja slapd[3191]: getdn: u:id converted to
uid=auxprop,cn=DIGEST-MD5,cn=auth
Oct  9 10:20:17 elprinsessekaja slapd[3191]: >>> dnNormalize:
<uid=auxprop,cn=DIGEST-MD5,cn=auth>
Oct  9 10:20:17 elprinsessekaja slapd[3191]: <<< dnNormalize:
<uid=auxprop,cn=digest-md5,cn=auth>
Oct  9 10:20:17 elprinsessekaja slapd[3191]: ==>slap_sasl2dn: converting
SASL name uid=auxprop,cn=digest-md5,cn=auth to a DN
Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp:
converting SASL name uid=auxprop,cn=digest-md5,cn=auth
Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp: converted
SASL name to ldap://o=ispman??sub?uid=auxprop
Oct  9 10:20:17 elprinsessekaja slapd[3191]: slap_parseURI: parsing
ldap://o=ispman??sub?uid=auxprop
Oct  9 10:20:17 elprinsessekaja slapd[3191]: <==slap_sasl2dn: Converted
SASL name to <nothing>
Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
authcDN="uid=auxprop,cn=digest-md5,cn=auth"
Oct  9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
authzid="u:tarjei"


 

I now got the following sasl_regexes:
sasl-regexp
    uid=(.*),cn=(.+),cn=digest-md5,cn=auth
        uid=$1,ou=users,ispmanDomain=$2,o=ispman

sasl-regexp
    uid=(.*),cn=digest-md5,cn=auth ldap://o=ispman??sub?uid=$1

The command I run against imtest is:
imtest -v  -u tarjei@nu.no  localhost
or
imtest -v  -u tarjei_nu_no  localhost

Any ideas? It seems to me that the domain part of the uids is ripped away
somewhere.

Tarjei

> These are not valid sasl-regexp directives. The second part must contain only
> constant text or "$X" string replacements, not pattern specifiers "(.+)".
> Most likely you need to use a search specifier instead of a fixed pattern:
> 
>   sasl-regexp uid=(.+),cn=DIGEST-MD5,cn=auth
>     ldap:///o=ispman??sub?uid=$1
> 
> The second pattern may be better as
> 
>   sasl-regexp uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth
>     uid=$1,ou=users,ispmanDomain=$2,o=ispman
> 
> And of course you should exchange the order; the most specific rule must be
> listed first in order for it to ever be matched.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
>
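
The ordering point in the quoted reply, as an added Python example that is not part of the original thread or of OpenLDAP itself. It emulates the rule lookup under stated assumptions (rules tried in listed order, first match wins, unanchored case-insensitive matching); the two SASL names are constructed samples.

```python
import re

# Rules from the reply above, as (match pattern, replacement) pairs.
GENERIC = (r"uid=(.+),cn=DIGEST-MD5,cn=auth",
           "ldap:///o=ispman??sub?uid=$1")
SPECIFIC = (r"uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth",
            "uid=$1,ou=users,ispmanDomain=$2,o=ispman")

# Constructed sample SASL names: one with a realm component, one without.
WITH_REALM = "uid=tarjei,cn=nu.no,cn=digest-md5,cn=auth"
NO_REALM = "uid=tarjei,cn=digest-md5,cn=auth"


def map_sasl_name(sasl_name, rules):
    """Return (rule index, rewritten name) for the first matching rule.

    Assumptions of this emulation: rules are tried in listed order, the
    first match wins, matching is unanchored and case-insensitive.
    """
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, sasl_name, re.IGNORECASE)
        if match:
            # Expand $1..$9 with the captured groups.
            expanded = re.sub(r"\$(\d)",
                              lambda ref: match.group(int(ref.group(1))),
                              replacement)
            return index, expanded
    return None, None


def compare_orderings(sasl_name):
    """Map one name under both rule orders so the difference is visible."""
    return {
        "generic_first": map_sasl_name(sasl_name, [GENERIC, SPECIFIC]),
        "specific_first": map_sasl_name(sasl_name, [SPECIFIC, GENERIC]),
    }


if __name__ == "__main__":
    for name in (WITH_REALM, NO_REALM):
        print(name)
        for order, (index, result) in compare_orderings(name).items():
            print(f"  {order}: rule {index} -> {result}")
```

With the generic rule listed first, the realm is swallowed into `$1` and the search filter becomes `uid=tarjei,cn=nu.no`, so the realm-specific rule is never reached.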