RE: sasl UID mapping
--On Sunday, January 18, 2004 3:51 AM +0000 Paul Jakma <paul@clubi.ie>
wrote:
Paul,
I'm going to give you a helping hand. :)
We use GSSAPI to auth to our servers.
Here is our SASL regexp:
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
        ldaps:///cn=People,dc=stanford,dc=edu??sub?krb5PrincipalName=$1@$2
Here's the beginning of our ACL file that allows this to happen without
giving read access:
# $Id: slapd.acl,v 1.124 2003/12/18 03:16:42 quanah Exp $
# ACL include file for slapd
#
access to dn.base=""
        by * read

access to dn.base="cn=monitor"
        by * read

access to *
        by group.base="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 read
        by * break

access to attrs=krb5PrincipalName,member,suseasstatus
        by anonymous compare
        by * break

access to attrs=entry
        by * read
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
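
An added example, not part of the original message and not OpenLDAP code: a small Python model of the sasl-regexp rule above, showing which search a GSSAPI authentication DN is rewritten to and that the mapping only takes effect when the search finds exactly one entry. The directory entries, the user names and the helper names (`rewrite`, `resolve`) are constructed for illustration, and slapd's regex engine is approximated with Python's `re`.

```python
import re

# The rule from the message: match pattern and replacement search URL.
PATTERN = r"uid=(.*),cn=(.*),cn=gssapi,cn=auth"
REPLACEMENT = "ldaps:///cn=People,dc=stanford,dc=edu??sub?krb5PrincipalName=$1@$2"

# Constructed sample entries (not real directory data): DN -> attributes.
DIRECTORY = {
    "uid=jdoe,cn=People,dc=stanford,dc=edu":
        {"krb5PrincipalName": "jdoe@stanford.edu"},
    "uid=asmith,cn=People,dc=stanford,dc=edu":
        {"krb5PrincipalName": "asmith@stanford.edu"},
    # Second entry with the same principal, to show the ambiguous case.
    "uid=asmith2,cn=People,dc=stanford,dc=edu":
        {"krb5PrincipalName": "asmith@stanford.edu"},
}


def rewrite(authc_dn):
    """Apply the rule; return the search URL, or None if the DN does not match."""
    m = re.search(PATTERN, authc_dn)
    if m is None:
        return None
    # Substitute $1, $2 with the captured user name and realm.
    return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), REPLACEMENT)


def resolve(authc_dn):
    """Return the mapped entry DN, or the unchanged authentication DN."""
    url = rewrite(authc_dn)
    if url is None:
        return authc_dn
    # LDAP URL layout: scheme://host/base?attrs?scope?filter
    base, _attrs, _scope, flt = url.split("///", 1)[1].split("?", 3)
    attr, value = flt.split("=", 1)
    # Model of a subtree search under `base` with an equality filter.
    hits = [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and attrs.get(attr, "").lower() == value.lower()]
    # Zero or several matches: the connection stays bound as the auth DN.
    return hits[0] if len(hits) == 1 else authc_dn


if __name__ == "__main__":
    for user in ("jdoe", "asmith", "nobody"):
        dn = f"uid={user},cn=stanford.edu,cn=gssapi,cn=auth"
        print(dn, "->", resolve(dn))
```

On a live server, `ldapwhoami -Y GSSAPI` reports the DN the connection ended up bound as, which is the quickest check that a principal maps to the expected entry.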