authz-regexp trouble, help!
- To: openldap-technical@openldap.org
- Subject: authz-regexp trouble, help!
- From: Василий Молостов <molostoff@gmail.com>
- Date: Fri, 14 Dec 2012 03:26:48 +0400
Hi,
I have the following directive in the slapd.conf:
authz-regexp
    gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth
    ldapi:///ou=people,dc=local???(uidNumber=$2)
but the server is unable to fetch (slap_sasl2dn: Converted SASL name to <nothing>).
Here is the trace output (slapd -d 2177 -h "ldapi:/// ldaps:/// ldap:///"):
50ca62b8 >>> dnPrettyNormal: <>
50ca62b8 <<< dnPrettyNormal: <>, <>
50ca62b8 do_bind: dn () SASL mech EXTERNAL
50ca62b8 ==>slap_sasl2dn: converting SASL name
gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth to a DN
50ca62b8 ==> rewrite_context_apply [depth=1]
string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
50ca62b8 ==> rewrite_rule_apply
rule='gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),cn=peercred,cn=external,cn=auth'
string='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
[1 pass(es)]
50ca62b8 ==> rewrite_context_apply [depth=1]
res={0,'ldapi:///ou=people,dc=local??sub?(uidNumber=1000)'}
50ca62b8 slap_parseURI: parsing
ldapi:///ou=people,dc=local??sub?(uidNumber=1000)
ldap_url_parse_ext(ldapi:///ou=people,dc=local??sub?(uidNumber=1000))
50ca62b8 <==slap_sasl2dn: Converted SASL name to <nothing>
50ca62b8 SASL Authorize [conn=1001]: proxy authorization allowed authzDN=""
50ca62b8 send_ldap_sasl: err=0 len=-1
50ca62b8 do_bind: SASL/EXTERNAL bind:
dn="gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth"
sasl_ssf=0
50ca62b8 send_ldap_response: msgid=1 tag=97 err=0
Direct SASL authz mapping works fine, but the URI does not. What's wrong
with this stuff?
How can I check URI correctness for slapd or get tracing info from
ldap_url_parse_ext/slap_sasl2dn about why they returned nothing?
With which access rights does slapd do its internal query? How do I configure them?
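
An offline check of the mapping in the directive above, added here as an example and not part of the original message or of OpenLDAP: it applies the posted pattern to peercred identities, expands the replacement, and splits the resulting URL into its fields. Assumptions: Python's re stands in for slapd's regex engine, the function names are hypothetical, and every sample identity other than the one in the trace is constructed.

```python
import re

# Pattern and replacement copied from the authz-regexp directive in the post.
PATTERN = (r"gidNumber=([^0][0-9]+).uidNumber=([^0][0-9]+),"
           r"cn=peercred,cn=external,cn=auth")
REPLACEMENT = "ldapi:///ou=people,dc=local???(uidNumber=$2)"
SUFFIX = ",cn=peercred,cn=external,cn=auth"


def map_identity(sasl_name):
    """Return the substituted URL, or None when the pattern does not match.

    Assumption: re.fullmatch() is used in place of slapd's own matcher.
    """
    m = re.fullmatch(PATTERN, sasl_name)
    if m is None:
        return None
    # Expand $1..$9 in the replacement with the captured groups.
    return re.sub(r"\$([1-9])", lambda g: m.group(int(g.group(1))), REPLACEMENT)


def split_ldap_url(url):
    """Split scheme://host/dn?attrs?scope?filter into named fields."""
    scheme, rest = url.split("://", 1)
    host, _, tail = rest.partition("/")
    fields = (tail.split("?") + [""] * 4)[:4]
    names = ("scheme", "host", "base", "attrs", "scope", "filter")
    return dict(zip(names, [scheme, host] + fields))


if __name__ == "__main__":
    samples = [
        "gidNumber=1000+uidNumber=1000" + SUFFIX,  # identity from the trace
        "gidNumber=0+uidNumber=0" + SUFFIX,        # constructed: root peer
        "gidNumber=100+uidNumber=5" + SUFFIX,      # constructed: one-digit uid
    ]
    for name in samples:
        url = map_identity(name)
        if url is None:
            print("no match:", name)
        else:
            print("mapped  :", name, "->", split_ldap_url(url))
```

Because `[^0][0-9]+` needs at least two characters, a peer with a single-digit uidNumber or gidNumber is left unmapped along with uid 0.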