
RE: sasl UID mapping



On Sun, 11 Jan 2004, Howard Chu wrote:

> What OpenLDAP 2.0 documentation did you read that told you to do this?
> sasl-regexp is not part of OpenLDAP 2.0, it was introduced in OpenLDAP 2.1.
> There is no SASL id mapping in 2.0. If you actually read the documentation
> that was included in your distro you'd notice it is conspicuously absent.

Ok, I've upgraded to 2.1, and still do not seem to have SASL DN 
remapping working:

Jan 18 01:55:46 hibernia slapd[5781]: <= ldbm_back_group: 
"uid=paul,cn=jakma.org,cn=gssapi,cn=auth" not in 
"cn=ldapadmins,ou=ldapgroups,dc=jakma,dc=org": member

Here is what I have in the global section of my slapd.conf:

sasl-regexp
 uid=(.*),cn=(.*),cn=gssapi,cn=auth
 ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2
sasl-regexp
 uid=(.*),cn=gssapi,cn=auth
 ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org

I have tried specifying dn in the attr part of the URI, but no 
difference. The query itself for krbname=paul@jakma.org should work:

[paul@fogarty gpe-irc]$ ldapsearch -s one -b ou=people,dc=jakma,dc=org \
 krbname=paul@jakma.org dn
SASL/GSSAPI authentication started
SASL username: paul@JAKMA.ORG
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=jakma,dc=org> with scope one
# filter: krbname=paul@jakma.org
# requesting: dn 
#

# paul, People, jakma.org
dn: uid=paul,ou=People,dc=jakma,dc=org

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1

What am I doing wrong?

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Fortune:
Never tell people how to do things.  Tell them WHAT to do and they will
surprise you with their ingenuity.
		-- Gen. George S. Patton, Jr.
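
The two sasl-regexp rules from the message above, walked through as an added example that is not part of the original post: a Python sketch of first-match rule selection and $n substitution, applied to the authentication DN from the log line. Python's re module stands in for slapd's regex matching (an assumption), and map_sasl_dn, expand and parse_search_url are hypothetical helper names.

```python
import re

# Rules copied from the slapd.conf excerpt in the message, in file order.
RULES = [
    (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@$2"),
    (r"uid=(.*),cn=gssapi,cn=auth",
     "ldap:///ou=people,dc=jakma,dc=org??one?krbName=$1@jakma.org"),
]

def expand(template, match):
    """Replace $1..$9 in the template with the matching capture groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)

def map_sasl_dn(authc_dn, rules=RULES):
    """Return (rule_index, expanded_url) for the first rule that matches, else None."""
    for index, (pattern, template) in enumerate(rules):
        # Assumption: case-insensitive, unanchored matching approximates slapd.
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return index, expand(template, m)
    return None

def parse_search_url(url):
    """Split ldap:///base?attrs?scope?filter into named parts."""
    rest = url[len("ldap:///"):]
    base, attrs, scope, flt = (rest.split("?") + ["", "", ""])[:4]
    return {"base": base, "attrs": attrs, "scope": scope, "filter": flt}

if __name__ == "__main__":
    # Authentication DN taken from the slapd log line in the message.
    dn = "uid=paul,cn=jakma.org,cn=gssapi,cn=auth"
    index, url = map_sasl_dn(dn)
    print("rule", index, "->", parse_search_url(url))
    # Same DN with the rule order reversed: the realm RDN leaks into $1.
    print(map_sasl_dn(dn, RULES[::-1]))
```

With the rules in the order shown in the message, the realm-qualified DN expands to the same base, scope and filter as the ldapsearch command in the post. Reversing the order lets the shorter pattern capture `paul,cn=jakma.org` as `$1`, so the more specific rule has to stay first.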