
sasl external mech via ldapi



Hi,
with OpenLDAP-2.3.11 it seems that SASL authentication with the EXTERNAL
mechanism via ldapi is flawed.

,----
| dieter@rubin:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)
`----

While an ldapsearch
,----
| dieter@rubin:~> ldapsearch -LLL -s sub "(&(uidNumber=1000)(gidNumber=100))"
| SASL/GSSAPI authentication started
| SASL username: dieter@AVCI.DE
| SASL SSF: 56
| SASL installing layers
| dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
`----

The authz-regexp

,----
| olcAuthzRegexp: {2}"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=
|  auth" "ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))"
`----

This worked fine with any OpenLDAP-2.2 version. What has changed in
2.3.x?


-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
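
The ldapwhoami output in the message above prints the same peercred identity with its RDN components in two different orders. The following is an added diagnostic example, not part of the original message or of OpenLDAP: it unfolds the posted olcAuthzRegexp value and checks which of the two forms the pattern can match. The function names are hypothetical, and it assumes Python's `re` behaves like slapd's regex engine for this particular pattern (case-insensitive, unanchored).

```python
import re

# Constructed input: the folded LDIF value as quoted in the message.
LDIF = r'''olcAuthzRegexp: {2}"uidNumber=(.*)\+gidNumber=(.*),cn=peercred,cn=external,cn=
 auth" "ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))"
'''

# The two forms of the same identity printed by ldapwhoami in the message.
SASL_USERNAME = "uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth"
WHOAMI_DN = "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth"


def parse_authz_regexp(ldif):
    """Unfold the LDIF line and return (pattern, replacement)."""
    # LDIF continuation lines start with exactly one space after the newline.
    unfolded = ldif.replace("\n ", "").strip()
    attr, _, value = unfolded.partition(": ")
    if attr.lower() != "olcauthzregexp":
        raise ValueError("not an olcAuthzRegexp line")
    # Optional {n} ordering prefix, then two double-quoted strings.
    m = re.fullmatch(r'(?:\{\d+\})?"([^"]*)"\s+"([^"]*)"', value)
    if m is None:
        raise ValueError("expected two quoted strings")
    return m.group(1), m.group(2)


def rewrite(identity, pattern, replacement):
    """Return the rewritten URL, or None when the pattern does not match.

    Assumption: Python's re stands in for slapd's regex matching here.
    """
    m = re.search(pattern, identity, re.IGNORECASE)
    if m is None:
        return None
    # Substitute $1, $2, ... with the captured groups.
    return re.sub(r"\$(\d)", lambda s: m.group(int(s.group(1))), replacement)


def check(ldif=LDIF):
    """Apply the posted rule to both identity forms from the ldapwhoami output."""
    pattern, replacement = parse_authz_regexp(ldif)
    forms = (("sasl_username", SASL_USERNAME), ("whoami_dn", WHOAMI_DN))
    return {name: rewrite(ident, pattern, replacement) for name, ident in forms}


if __name__ == "__main__":
    for name, result in check().items():
        print(f"{name}: {result or 'no match, identity left unmapped'}")
```

Only the `uidNumber=...+gidNumber=...` form is rewritten to the search URL; the `gidNumber=...+uidNumber=...` form falls through the rule unchanged.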