[Date Prev][Date Next] [Chronological] [Thread] [Top]

sasl external mech via ldapi

To: openldap-software@OpenLDAP.org
Subject: sasl external mech via ldapi
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Mon, 17 Oct 2005 12:14:56 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chestnut, linux)

Hi,
with OpenLDAP-2.3.11 it seems that sasl authentication with external
mechanism via ldapi is flawed.

,----
| dieter@rubin:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)
`----

While a ldapsearch 
,----
| dieter@rubin:~> ldapsearch -LLL -s sub "(&(uidNumber=1000)(gidNumber=100))"
| SASL/GSSAPI authentication started
| SASL username: dieter@AVCI.DE
| SASL SSF: 56
| SASL installing layers
| dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
`----

The authz-regexp

,----
| olcAuthzRegexp: {2}"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=
|  auth" "ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))"
`----

This worked fine with any OpenLDAP-2.2 version, what has changed in
2.3.x ?


-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

Follow-Ups:
- Re: sasl external mech via ldapi
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Still getting TLS errors with 2.3.11
Next by Date: Re: sasl external mech via ldapi
Index(es):
- Chronological
- Thread