My config:
OpenLDAP 2.2.15, compiled from source
SASL/GSSAPI is functional

My problem: I am looking to configure SyncRepl replication, using
GSSAPI for authentication. In doing so, I have a couple (hopefully)
quick SASL + ACL questions:

1) Do I have to map (sasl-regexp) my SASL DN
(uid=ldaprep/myldap.uconn.edu,cn=uconn.edu,cn=gssapi,cn=auth) to a local
DN (uid=ldaprep,ou=accounts,dc=uconn,dc=edu) to use in ACLs, or can I
simply use uid=ldaprep/myldap.uconn.edu,cn=uconn.edu,cn=gssapi,cn=auth
in the "by" clause of an ACL?