[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Mapping through SASL does not work
Hi all,
I am refering to
http://www.openldap.org/doc/admin23/sasl.html#SASL%20Authentication
It says:
[QUOTE]
11.2.4. Mapping Authentication Identities
The authentication mechanism in the slapd server will use SASL library
calls to obtain the authenticated user's "username", based on whatever
underlying authentication mechanism was used. This username is in the
namespace of the authentication mechanism, and not in the normal LDAP
namespace. As stated in the sections above, that username is reformatted
into an authentication request DN of the form
uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
or
uid=<username>,cn=<mechanism>,cn=auth
depending on whether or not <mechanism> employs the concept of "realms".
Note also that the realm part will be omitted if the default realm was
used in the authentication.
[/QUOTE]
Wouldn't this mean in other words that if I do not configure anything
special (basically using the example configuration file for slapd.conf
that comes with the distribution) and I would try to login as "foo" it
should go and search for an entry with the DN uid=foo,cn=XXX,cn=auth in
the database?
Instead I get an error message that binding is not even tried because
"foo" is not a syntactically correct DN.
What did I miss?
Regards,
Torsten