
dn.regex issue



Hi,

I'm currently trying to set up SASL ldapdb authentication for use with IMAP and 
SMTP. I'm clinging to various posts referring to and the article in Linux 
Magazin 01/05 from Dieter Klünter.

Obviously, something is wrong with my dn.regex in the saslAuthzTo attribute. 
The details:

## What's the saslAuthzTo: attribute:
ldapmodify -D 'cn=admin,dc=mgr' -x -W
Enter LDAP Password:
dn: cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr
saslAuthzTo: dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
modifying entry "cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr"

## What's failing (slapd -d 1):
===>slap_sasl_match: comparing DN cn=foo test,ou=mailbox,dc=uac,dc=mgr to rule 
dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
slap_parseURI: parsing dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
ldap_url_parse_ext(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr)
>>> dnNormalize: <dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr>
=> ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)
<= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
<===slap_sasl_match: comparison returned 21
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
SASL Authorize [conn=6]:  authorization disallowed (48)
SASL [conn=6] Failure: not authorized

I think the line:
<= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
wants to tell me about some syntax problem, but I cannot see the problem.

Any help appreciated,
 - lars.