Ldap kerberos ticket - GSSAPI
Hi,
I have configured Kerberos, OpenLDAP and Cyrus-SASL. Everything is working
OK. However, I was doing some testing and found the following situation.
When a Kerberos principal, not represented on the ldap directory, runs the
command ldapwhoami I get:
SASL/GSSAPI authentication started
SASL username: testePac@EXAMPLE.NET
SASL SSF: 56
SASL installing layers
dn:uid=testepac,cn=example.net,cn=gssapi,cn=auth
When a principal which is also on the directory tree runs ldapadmin I get:
SASL/GSSAPI authentication started
SASL username: testeF@EXAMPLE.NET
SASL SSF: 56
SASL installing layers
dn:uid=testef,ou=locationA,ou=people,dc=example,dc=net
So, I see that the DNs are different. However, in both situations I get a
Kerberos TGS ticket for LDAP.
How can I avoid this happening?
sasl-regexp uid=(.+),cn=EXAMPLE.NET,cn=gssapi,cn=auth
    ldap:///dc=example,dc=net??sub?(|(uid=$1)(krb5PrincipalName=$1@EXAMPLE.NET))
ACLS:
access to *
    by self write
    by users read
    by anonymous read
All ideas are appreciated.
Regards,
M
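
The following is an added example, not part of the original post and not slapd code: a simplified Python model of the sasl-regexp rule and ACL quoted above, showing why the two binds end up with different DNs and which ACL clause each one matches. The names map_sasl_dn, access and DIRECTORY are hypothetical, the directory content is constructed, and all comparisons are assumed to be case-insensitive.

```python
import re

# Constructed directory holding only the entry from the post's second case.
DIRECTORY = {
    "uid=testef,ou=locationA,ou=people,dc=example,dc=net": {
        "uid": "testef", "krb5PrincipalName": "testeF@EXAMPLE.NET"},
}

# The post's sasl-regexp: match pattern, search base, and the OR filter terms.
PATTERN = r"uid=(.+),cn=EXAMPLE.NET,cn=gssapi,cn=auth"
BASE = "dc=example,dc=net"
FILTER_TERMS = (("uid", "$1"), ("krb5PrincipalName", "$1@EXAMPLE.NET"))

def map_sasl_dn(sasl_dn):
    """Return the DN the session is left with after the regexp rule runs."""
    # The post's output shows lowercased DNs, so match case-insensitively.
    m = re.search(PATTERN, sasl_dn, re.IGNORECASE)
    if not m:
        return sasl_dn
    wanted = [(a, v.replace("$1", m.group(1)).lower()) for a, v in FILTER_TERMS]
    hits = [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(BASE)
            and any(attrs.get(a, "").lower() == v for a, v in wanted)]
    # Only a search returning exactly one entry replaces the SASL DN;
    # otherwise the bind still succeeds under the cn=gssapi,cn=auth DN.
    return hits[0] if len(hits) == 1 else sasl_dn

def access(bound_dn, target_dn):
    """Evaluate the post's ACL in order; return (matching clause, level)."""
    if bound_dn and bound_dn.lower() == target_dn.lower():
        return ("self", "write")
    if bound_dn:
        return ("users", "read")   # any authenticated identity, mapped or not
    return ("anonymous", "read")

if __name__ == "__main__":
    entry = next(iter(DIRECTORY))
    for who in ("testef", "testepac"):
        dn = map_sasl_dn(f"uid={who},cn=example.net,cn=gssapi,cn=auth")
        print(who, "->", dn, access(dn, entry))
```

In this model the principal without a directory entry keeps its cn=auth DN and is still matched by the "by users" clause.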