[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: sasl UID mapping

To: Howard Chu <hyc@highlandsun.com>
Subject: RE: sasl UID mapping
From: Paul Jakma <paul@clubi.ie>
Date: Sun, 18 Jan 2004 06:15:20 +0000 (GMT)
Cc: "'OpenLDAP list'" <openldap-software@OpenLDAP.org>
In-reply-to: <045201c3dd7c$fb543970$1801a8c0@CELLO>
References: <045201c3dd7c$fb543970$1801a8c0@CELLO>

On Sat, 17 Jan 2004, Howard Chu wrote:

> By the way, you didn't mention exactly what version of OpenLDAP 2.1 you
> installed. 2.1.25 is the latest, with 2.1.26 stewing along.

Fedora openldap-servers-2.1.22-8 rpm.

> > sasl-regexp
> >  uid=(.*),cn=(.*),cn=gssapi,cn=auth
> >  ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2
> 
> This is not the same regexp you posted before. When you don't
> specify a scope it defaults to "base". This regexp would map all
> usernames to ou=people,dc=jakma,dc=org, and the attached log shows
> this is exactly what it did.

it mightnt be - i've been trying various things. arg. yes. Added sub 
to the scope and it now works! I suspect previously it was ACL 
restriction of lookups on krbname to authenticated users which 
prevented the mapping.

Thanks very much for the clues!

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Fortune:
Everything that can be invented has been invented.
		-- Charles Duell, Director of U.S. Patent Office, 1899

Follow-Ups:
- RE: sasl UID mapping
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- RE: sasl UID mapping
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: sasl UID mapping
Next by Date: RE: sasl UID mapping
Index(es):
- Chronological
- Thread