[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Trying to get the ldapdb plugin working.
Hi,
Thanks for the input. I got another question.
I got multivalue uids that all have the form username_domain_com and
username@domain.com.
When I try to use these values it seems that the _doman_com part is
removed from the userid. Here's from the log:
Oct 9 10:20:17 elprinsessekaja slapd[3191]: getdn: u:id converted to
uid=auxprop,cn=DIGEST-MD5,cn=auth
Oct 9 10:20:17 elprinsessekaja slapd[3191]: >>> dnNormalize:
<uid=auxprop,cn=DIGEST-MD5,cn=auth>
Oct 9 10:20:17 elprinsessekaja slapd[3191]: <<< dnNormalize:
<uid=auxprop,cn=digest-md5,cn=auth>
Oct 9 10:20:17 elprinsessekaja slapd[3191]: ==>slap_sasl2dn: converting
SASL name uid=auxprop,cn=digest-md5,cn=auth to a DN
Oct 9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp:
converting SASL name uid=auxprop,cn=digest-md5,cn=auth
Oct 9 10:20:17 elprinsessekaja slapd[3191]: slap_sasl_regexp: converted
SASL name to ldap://o=ispman??sub?uid=auxprop
Oct 9 10:20:17 elprinsessekaja slapd[3191]: slap_parseURI: parsing
ldap://o=ispman??sub?uid=auxprop
Oct 9 10:20:17 elprinsessekaja slapd[3191]: <==slap_sasl2dn: Converted
SASL name to <nothing>
Oct 9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
authcDN="uid=auxprop,cn=digest-md5,cn=auth"
Oct 9 10:20:17 elprinsessekaja slapd[3191]: SASL Canonicalize [conn=1]:
authzid="u:tarjei"
I now got the following sasl_regexes:
sasl-regexp
uid=(.*),cn=(.+),cn=digest-md5,cn=auth
uid=$1,ou=users,ispmanDomain=$2,o=ispman
sasl-regexp
uid=(.*),cn=digest-md5,cn=auth ldap://o=ispman??sub?uid=$1
The command I run against imtest is:
imtest -v -u tarjei@nu.no localhost
or
imtest -v -u tarjei_nu_no localhost
Any ideas? It seems to me that the domainpart of the uids is ripped away
somewhere.
Tarjei
> These are not valid sasl-regexp directives. The second part must contain only
> constant text or "$X" string replacements, not pattern specifiers "(.+)".
> Most likely you need to use a search specifier instead of a fixed pattern:
>
> sasl-regexp uid=(.+),cn=DIGEST-MD5,cn=auth
> ldap:///o=ispman??sub?uid=$1
>
> The second pattern may be better as
>
> sasl-regexp uid=(.+),cn=(.+),cn=DIGEST-MD5,cn=auth
> uid=$1,ou=users,ispmanDomain=$2,o=ispman
>
> And of course you should exchange the order; the most specific rule must be
> listed first in order for it to ever be matched.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>