Re: OpenLDAP Backend Guide?
--On Friday, April 04, 2008 1:49 PM +0200 Buchan Milne
<bgmilne@mandriva.org> wrote:
>> > Besides these differences, no decent example is given for mapping
>> > non-local-root identities to DNs, I am using this:
>> >
>> > sasl-regexp
>> > uid=(.*),cn=ranger.dnsalias.com,cn=gssapi,cn=auth
>> > ldap:///dc=ranger,dc=dnsalias,dc=com??sub?
>> > (krb5PrincipalName=$1@RANGER.DNSALIAS.COM)
>>
>> Can you provide more text about this? It sounds very useful.
>
> A sasl-regexp of this form allows a Kerberos Principal to be mapped to an
> OpenLDAP DN of an entry with the krb5PrincipalName matching the Principal
> (in this case for the RANGER.DNSALIAS.COM realm only). I could provide
> an example (but don't have heimdal up on the installation running on the
> laptop at present).

I would note the correct name for this is "authz-regexp" starting with
OpenLDAP 2.3. sasl-regexp is the 2.2 and prior name.

--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
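
The mapping discussed in this thread, traced step by step as an added example (not code from the thread or from OpenLDAP): a Python model of how the rule rewrites a GSSAPI identity into an LDAP search URL and maps it only when that search returns exactly one entry. The directory entries and function names are constructed for illustration, and the matching is a simplified model of what slapd does.

```python
import re

# Rule from the quoted message, in slapd.conf form for OpenLDAP 2.3+:
#   authz-regexp <match> <replace>
MATCH = r"uid=(.*),cn=ranger.dnsalias.com,cn=gssapi,cn=auth"
REPLACE = ("ldap:///dc=ranger,dc=dnsalias,dc=com??sub?"
           "(krb5PrincipalName=$1@RANGER.DNSALIAS.COM)")

# Constructed sample directory (not from the thread): DN -> attributes.
BASE = "dc=ranger,dc=dnsalias,dc=com"
DIRECTORY = {
    "uid=alice,ou=People," + BASE: {"krb5PrincipalName": "alice@RANGER.DNSALIAS.COM"},
    "uid=svc,ou=People," + BASE: {"krb5PrincipalName": "svc@RANGER.DNSALIAS.COM"},
    "cn=svc,ou=Services," + BASE: {"krb5PrincipalName": "svc@RANGER.DNSALIAS.COM"},
}

def rewrite(sasl_dn):
    """Apply the match pattern and substitute $1 into the search URL."""
    # Assumption: unanchored search, as POSIX regexec behaves without ^ and $.
    m = re.search(MATCH, sasl_dn)
    return REPLACE.replace("$1", m.group(1)) if m else None

def parse_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, filter)."""
    base, _attrs, scope, filt = url[len("ldap:///"):].split("?", 3)
    return base, scope, filt

def search(base, scope, filt):
    """Toy subtree search supporting a single (attr=value) equality filter."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", filt).groups()
    return [dn for dn, attrs in DIRECTORY.items()
            if scope == "sub" and dn.endswith(base) and attrs.get(attr) == value]

def map_identity(sasl_dn):
    """Return the mapped DN, or None when no single entry is found."""
    url = rewrite(sasl_dn)
    if url is None:
        return None                      # pattern did not match: no mapping
    hits = search(*parse_url(url))
    return hits[0] if len(hits) == 1 else None   # 0 or >1 results: no mapping

if __name__ == "__main__":
    for dn in ("uid=alice,cn=ranger.dnsalias.com,cn=gssapi,cn=auth",
               "uid=svc,cn=ranger.dnsalias.com,cn=gssapi,cn=auth",
               "uid=alice,cn=other.example,cn=gssapi,cn=auth"):
        print(dn, "->", map_identity(dn))
```

The `svc` case shows why krb5PrincipalName values need to be unique under the search base: two matching entries leave the identity unmapped.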