sasl external mech via ldapi
Hi,
With OpenLDAP-2.3.11 it seems that SASL authentication with the EXTERNAL
mechanism via ldapi is flawed.
,----
| dieter@rubin:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)
`----
While a ldapsearch
,----
| dieter@rubin:~> ldapsearch -LLL -s sub "(&(uidNumber=1000)(gidNumber=100))"
| SASL/GSSAPI authentication started
| SASL username: dieter@AVCI.DE
| SASL SSF: 56
| SASL installing layers
| dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
`----
The authz-regexp
,----
| olcAuthzRegexp: {2}"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=
| auth" "ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))"
`----
This worked fine with any OpenLDAP-2.2 version; what has changed in
2.3.x?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
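
The ldapwhoami output in the message prints the two attributes in a different order on the `SASL username:` line and on the `dn:` line. The following added example (not part of the original post, and not OpenLDAP code) checks the posted olcAuthzRegexp rule against both strings, using Python's `re` as an approximation of slapd's regex matching. `SWAPPED_RULE` and `map_identity` are hypothetical names introduced for illustration.

```python
import re

# Rule copied from the olcAuthzRegexp line in the post (LDIF line wrap joined).
PAGE_RULE = (
    r"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=auth",
    "ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))",
)
# Hypothetical companion rule for the opposite attribute order (not from the post).
SWAPPED_RULE = (
    r"gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn=auth",
    "ldap:///o=avci,c=de??sub?(&(uidNumber=$2)(gidNumber=$1))",
)

# The two identity strings printed by ldapwhoami in the post.
SASL_USERNAME = "uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth"
REPORTED_DN = "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth"


def map_identity(authc_dn, rules):
    """Return the rewritten search URL from the first matching rule, or None.

    Approximation of authz-regexp handling (an assumption of this example):
    unanchored, case-insensitive match, then $N in the replacement is
    filled from capture group N.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None  # no rule matched: the identity stays the raw peercred DN


if __name__ == "__main__":
    for label, dn in (("SASL username", SASL_USERNAME), ("dn: line", REPORTED_DN)):
        print(label, "| page rule only ->", map_identity(dn, [PAGE_RULE]))
        print(label, "| both rules     ->", map_identity(dn, [PAGE_RULE, SWAPPED_RULE]))
```

A `None` result corresponds to the unmapped `cn=peercred,cn=external,cn=auth` identity, which is what access controls written for the directory entry would then fail to match.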