
Re: Slurpd replication with sasl gssapi



Matthijs Mohlmann wrote:

On Thu, 2004-10-07 at 09:51, Pierangelo Masarati wrote:


Well I hope you can point me out to something...



Well finally my replication works but I've in my updatedn now this:
updatedn        uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth

The problem is the sasl-regexp; can someone point me out what's wrong?
uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth
ldap://uid=$1,dc=cacholong,dc=nl


try this:

authz-regexp    uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth
       uid=$1,dc=cacholong,dc=nl

p.



I do not have an authz-regexp.

Sorry, authz-regexp and sasl-regexp are synonyms but I don't remember
from what version on; authz-regexp is the correct one, the other is legacy.

I tried this one also with sasl-regexp
but that doesn't work. Can you point me out what I'm missing?


Do you have logs of what goes on when trying to map users from SASL to LDAP?
Your regex is definitely wrong (the dot "." in the domain needs to be escaped, and the
search for an exact match like that can be surely replaced by the DN with submatch
expansion).


A truly correct setup would be

authz-regexp    "^uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth$"
       "uid=$1,dc=cacholong,dc=nl"

At this point I suspect user "uid=repli,dc=cacholong,dc=nl" does not exist,
or anonymous has no auth access to it. Can you check the entire authc process,
including ACL checking (debug level 128)?


p.



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
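
The three mapping rules quoted in this thread, checked against sample authentication DNs, as an added example that is not part of the original messages. It approximates slapd's matching with Python's `re` module (unanchored, case-insensitive search, then `$1` expansion into the replacement), which is an assumption; every sample DN except the `repli` one from the thread is constructed.

```python
import re

# Rules as quoted in the thread: name -> (match pattern, replacement).
RULES = {
    "original": (r"uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth",
                 "ldap://uid=$1,dc=cacholong,dc=nl"),
    "escaped":  (r"uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth",
                 "uid=$1,dc=cacholong,dc=nl"),
    "anchored": (r"^uid=([^,]+),cn=cacholong\.nl,cn=gssapi,cn=auth$",
                 "uid=$1,dc=cacholong,dc=nl"),
}

# Constructed inputs, apart from the first, which is the DN from the thread.
SAMPLES = {
    "intended":     "uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth",
    "other realm":  "uid=repli,cn=cacholongxnl,cn=gssapi,cn=auth",
    "extra prefix": "uid=a,cn=other,uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth",
    "extra suffix": "uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth,dc=extra",
}


def map_dn(rule, sasl_dn):
    """Return the LDAP identity a rule maps sasl_dn to, or None if no match.

    Assumed model of the rewrite: the pattern may match anywhere in the DN,
    and the result is the replacement string with $n filled in from the
    capture groups (not a sed-style edit of the input).
    """
    pattern, replacement = RULES[rule]
    m = re.search(pattern, sasl_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def audit():
    """Map every sample DN through every rule; only 'intended' should map."""
    return {(rule, name): map_dn(rule, dn)
            for rule in RULES for name, dn in SAMPLES.items()}


if __name__ == "__main__":
    for (rule, name), result in audit().items():
        print(f"{rule:9} {name:13} -> {result}")
```

Only the anchored rule rejects all three constructed DNs; the unescaped dot accepts a different realm name, and the unanchored patterns accept DNs with extra leading or trailing components.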