[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: dn.regex issue
Hi,
"Dieter Kluenter" <dieter@dkluenter.de> writes:
> Hi,
>
> "Dr. Lars Hanke" <lars@lhanke.de> writes:
>
>> Hi,
>>
>>
>> Obviously, something is wrong with my dn.regex in the saslAuthzTo attribute.
>> The details:
>>
>> ## What's the saslAuthzTo: attribute:
>> ldapmodify -D 'cn=admin,dc=mgr' -x -W
>> Enter LDAP Password:
>> dn: cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr
>> saslAuthzTo: dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
>> modifying entry "cn=mail,ou=administrators,ou=it,dc=uac,dc=mgr"
>>
>> ## What's failing (slapd -d 1):
>> ===>slap_sasl_match: comparing DN cn=foo test,ou=mailbox,dc=uac,dc=mgr to rule
>> dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
>> slap_parseURI: parsing dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr
>> ldap_url_parse_ext(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr)
>>>>> dnNormalize: <dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr>
>> => ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)
>> <= ldap_bv2dn(dn.regex: cn=(.*),ou=mailbox,dc=uac,dc=mgr,0)=84
>> <===slap_sasl_match: comparison returned 21
>> <==slap_sasl_check_authz: saslAuthzTo check returning 48
>> <== slap_sasl_authorized: return 48
>> SASL Authorize [conn=6]: authorization disallowed (48)
>> SASL [conn=6] Failure: not authorized
>
> It is not the expansion of a regex but an authorization problem,
> please check the access rules.
Sorry, I have to correct myself, error 48 is inappropriate
authorisation, while insufficient access would be error 50.
So the question still is, why error 21 (invalid syntax)? Could you
post your search string?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53