
RE: sasl UID mapping



> -----Original Message-----
> From: Paul Jakma [mailto:paul@clubi.ie]

> On Sat, 17 Jan 2004, Howard Chu wrote:
> > By the way, you didn't mention exactly what version of OpenLDAP 2.1
> > you installed. 2.1.25 is the latest, with 2.1.26 stewing along.
>
> Fedora openldap-servers-2.1.22-8 rpm.
>
> > > sasl-regexp
> > >  uid=(.*),cn=(.*),cn=gssapi,cn=auth
> > >  ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2
> >
> > This is not the same regexp you posted before. When you don't
> > specify a scope it defaults to "base". This regexp would map all
> > usernames to ou=people,dc=jakma,dc=org, and the attached log shows
> > this is exactly what it did.
>
> It mightn't be - I've been trying various things. Arg. Yes. Added sub
> to the scope and it now works! I suspect previously it was ACL
> restriction of lookups on krbname to authenticated users which
> prevented the mapping.

"The devil is in the details." There's a popular saying:

  If you want to enjoy life,
    - don't sweat the small stuff
    - it's All small stuff

Whoever said that probably never worked with computers... Without attention
to detail there is no hope of progress.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
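
Added example, not part of the original message and not OpenLDAP code: a small Python check that expands the sasl-regexp rule quoted above against a constructed SASL authentication DN and reports the scope the resulting LDAP URL actually carries, flagging the empty-scope case discussed in the thread. Assumptions: Python's `re` stands in for slapd's regex matching, the `??sub?` URL is an assumed form of the "added sub" fix, and the function names and sample DN are made up for illustration.

```python
import re

PATTERN = r"uid=(.*),cn=(.*),cn=gssapi,cn=auth"                    # from the thread
AS_POSTED = "ldap:///ou=people,dc=jakma,dc=org???krbName=$1@$2"    # from the thread
WITH_SUB = "ldap:///ou=people,dc=jakma,dc=org??sub?krbName=$1@$2"  # assumed form of the fix

def parse_ldap_url(url):
    """Split ldap://host/dn?attrs?scope?filter; an empty scope means 'base'."""
    m = re.match(r"ldaps?://[^/]*/(.*)$", url)
    if m is None:
        raise ValueError("not an LDAP URL: %r" % url)
    parts = m.group(1).split("?", 3)
    parts += [""] * (4 - len(parts))          # pad missing trailing fields
    dn, _attrs, scope, filt = parts
    scope = scope.lower()
    if scope not in ("", "base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return {"base": dn, "scope": scope or "base",
            "scope_defaulted": scope == "", "filter": filt}

def map_sasl_dn(pattern, replacement, authc_dn):
    """Expand $1..$9 from the regex captures and parse the resulting URL."""
    m = re.search(pattern, authc_dn)
    if m is None:
        return None                           # rule does not apply to this DN
    url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return parse_ldap_url(url)

def lint(replacement):
    """Warn when a rule carries a filter but its scope is (or defaults to) base."""
    f = parse_ldap_url(replacement)
    if f["filter"] and f["scope"] == "base":
        how = "defaults to" if f["scope_defaulted"] else "is"
        # Per the reply quoted above, such a rule maps every user to the base DN.
        return ["scope %s base: every matching identity maps to %r"
                % (how, f["base"])]
    return []

if __name__ == "__main__":
    dn = "uid=paul,cn=EXAMPLE.ORG,cn=gssapi,cn=auth"   # constructed sample
    for rule in (AS_POSTED, WITH_SUB):
        print(rule, map_sasl_dn(PATTERN, rule, dn), lint(rule))
```

Only URL-form replacements are handled; a rule whose replacement is a plain DN raises `ValueError` here.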