[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ldap kerberos ticket - GSSAPI

To: openldap-software@OpenLDAP.org
Subject: Ldap kerberos ticket - GSSAPI
From: "Manel Euro" <euro_32@hotmail.com>
Date: Tue, 29 Mar 2005 21:50:33 +0000

Hi, I have configured Kerberos, OpenLdap and Cyrus-Sasl. Everything is working ok . However, I was doing some testing and found the following situation.

When a Kerberos principal, not represented on the ldap directory, runs the command ldapwhoami I get:

SASL/GSSAPI authentication started
SASL username: testePac@EXAMPLE.NET
SASL SSF: 56
SASL installing layers
dn:uid=testepac,cn=example.net,cn=gssapi,cn=auth

when a principal which is also on the directoyr tree runs ldapadmin I get:

SASL/GSSAPI authentication started
SASL username: testeF@EXAMPLE.NET
SASL SSF: 56
SASL installing layers
dn:uid=testef,ou=locationA,ou=people,dc=example,dc=net

So, I see that the dns are different. However, on both situation I get a kerberos TGS ticket for LDAP.

How can I avoid this happening?

sasl-regexp uid=(.+),cn=EXAMPLE.NET,cn=gssapi,cn=auth ldap:///dc=example,dc=net??sub?(|(uid=$1)(krb5PrincipalName=$1@EXAMPLE.NET))

ACLS:

access to *
  by self write
  by users read
  by anonymous read


All ideas are appretiated.

Regards,
M

_________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Follow-Ups:
- Re: Ldap kerberos ticket - GSSAPI
  - From: Donn Cave <donn@u.washington.edu>
- Re: Ldap kerberos ticket - GSSAPI
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Mixed ACL by group & peername
Next by Date: Re: Mixed ACL by group & peername
Index(es):
- Chronological
- Thread