
Re: olcAuthzRegexp and SASL



Thank you, i figured my syntax was wrong.  now it seems that i might
have a problem with what i was trying to do.

does the below olcAuthzRegexp convert the auth request DN to the users
DN appropriately?

olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid=
$1,ou=Users,dc=bpk2,dc=com

if i try to add the above as two separate values (broken apart where the
space [' '] is), it fails with constraint violations.  it seems that i
should not be trying to make this two values, but that it should remain
as a single entry.

i am trying to follow the example, which uses slapd.conf syntax but i
need it in cn=config syntax.  below is what i am trying to accomplish
for my domain, from the example:

        authz-regexp
          uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
          uid=$1,ou=people,dc=example,dc=com

with that, i think the single value version is what i need.  i added an
olcAuthzRegexp where the realm was omitted, and that was taken.  that is
why i now think the value should stay as one entry.  i now have:

olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid=
$1,ou=Users,dc=bpk2,dc=com
olcAuthzRegexp: {1}uid=([^,]*),cn=gssapi,cn=auth uid=
$1,ou=Users,dc=bpk2,dc=com

and i think this should work.  am i correct?

thank you for the help

On Sat, 2013-06-08 at 17:22 +0200, Pierangelo Masarati wrote:
> On 06/08/2013 04:40 PM, Brendan Kearney wrote:
> > Sent too early, sorry...
> >
> > I get the error:
> >
> > ldapmodify: extra lines at end (line 3, entry "cn=config")
> >
> > i am guessing that i have to escape the embedded space in the line, or
> > encapsulate the entire line.  what is the correct way to delete the line
> > and re-add it correctly?
> 
> Presuming you want to delete that value of olcAuthzRegexp and add two 
> new values, that's not valid LDIF.  You need to do something like
> 
> dn: cn=config
> changetype: modify
> delete: olcAuthzRegexp
> olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth
>    uid= $1,ou=Users,dc=bpk2,dc=com
> -
> add: olcAuthzRegexp
> olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
> olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
> 
> Note that since olcAuthzRegexp is ordered, you can delete a value by 
> simply using its number; for example, if the currently present line has 
> value {0}, simply use
> 
> dn: cn=config
> changetype: modify
> delete: olcAuthzRegexp
> olcAuthzRegexp: {0}
> -
> add: olcAuthzRegexp
> olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
> olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
> 
> p.
> 
> >
> > On Sat, 2013-06-08 at 10:37 -0400, Brendan Kearney wrote:
> >> all,
> >>
> >> i am working on getting SASL, Kerberos 5, and LDAP working together.  i
> >> buggered an olcAuthzRegexp and need to correct it.  i need to remove the
> >> one in place, and replace it with the corrected version.  below is what
> >> i am trying:
> >>
> >> ldapmodify -QY EXTERNAL -H ldapi:///
> >> dn: cn=config
> >> changetype: delete
> >> olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth uid=
> >> $1,ou=Users,dc=bpk2,dc=com
> >> -
> >> changetype: modify
> >> add: olcAuthzRegexp
> >> olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
> >> olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
> >>
> >> (note, the first olcAuthzRegexp that is to be deleted should be all on
> >> one line, and that is why it is wrong.  formatting in this message may
> >> change the way it looks.)
> >>
> >> the error i get is:
> >>
> >>
> >
> >
> >
> >
> >
> 
>
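
As an added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how an ordered list of olcAuthzRegexp values rewrites a SASL authentication DN, which also shows why a rule split into two values cannot be parsed. The uid `alice`, the realm `other.org`, the function names, and the single space between pattern and replacement are assumptions; slapd itself uses POSIX regular expressions.

```python
import re

# Constructed values modelled on the thread: each olcAuthzRegexp value is ONE
# string, "{index}<match pattern> <replacement>", separated by whitespace.
RULES = [
    "{0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com",
    "{1}uid=([^,]*),cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com",
]

# The same first rule broken apart at the space into two separate values.
SPLIT_RULES = [
    "{0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth",
    "{1}uid=$1,ou=Users,dc=bpk2,dc=com",
]

# Constructed SASL authentication DNs (hypothetical user and foreign realm).
SAMPLE_DNS = [
    "uid=alice,cn=bpk2.com,cn=gssapi,cn=auth",   # realm present
    "uid=alice,cn=gssapi,cn=auth",               # realm omitted
    "uid=alice,cn=other.org,cn=gssapi,cn=auth",  # different realm
]

def parse_rule(value):
    """Split one olcAuthzRegexp value into (index, compiled pattern, replacement)."""
    m = re.fullmatch(r"\{(\d+)\}(\S+)\s+(\S+)", value.strip())
    if m is None:
        # A value holding only the pattern or only the replacement lands here.
        raise ValueError("expected '{n}<match> <replace>' in one value: %r" % value)
    return int(m.group(1)), re.compile(m.group(2)), m.group(3)

def map_authc_dn(authc_dn, rule_values):
    """Return the DN produced by the first matching rule, or None if none match."""
    rules = sorted((parse_rule(v) for v in rule_values), key=lambda r: r[0])
    for _, pattern, replacement in rules:
        hit = pattern.search(authc_dn)
        if hit:
            # Expand $1..$9 from the capture groups; the result replaces the DN.
            return re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))), replacement)
    return None

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, "->", map_authc_dn(dn, RULES))
    try:
        map_authc_dn(SAMPLE_DNS[0], SPLIT_RULES)
    except ValueError as err:
        print("split rule rejected:", err)
```

In this model the DN carrying a different realm maps to nothing, so it is not rewritten to a local user entry.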