Re: OpenLDAP Backend Guide?

--On Friday, April 04, 2008 1:49 PM +0200 Buchan Milne 
<bgmilne@mandriva.org> wrote:

>> > Besides these differences, no decent example is given for mapping
>> > non-local-root identities to DNs, I am using this:
>> >
>> > sasl-regexp
>> >          uid=(.*),cn=ranger.dnsalias.com,cn=gssapi,cn=auth
>> >          ldap:///dc=ranger,dc=dnsalias,dc=com??sub?(krb5PrincipalName=$1@RANGER.DNSALIAS.COM)
>> Can you provide more text about this? It sounds very useful.
> A sasl-regexp of this form allows a Kerberos Principal to be mapped to an
> OpenLDAP DN of an entry with the krb5PrincipalName matching the Principal
> (in this case for the RANGER.DNSALIAS.COM realm only). I could provide
> an example (but don't have heimdal up on the installation running on the
> laptop at present).

I would note the correct name for this is "authz-regexp" starting with 
OpenLDAP 2.3.
sasl-regexp is the 2.2 and prior name.
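
The mapping discussed in this thread, modelled in Python as an added example (not part of the original messages and not slapd's own code). The rule is the one quoted above; the directory entries, the function names `rewrite` and `resolve`, and the case-insensitive match are assumptions of this simplified model.

```python
import re

# Rule from the thread (regex, replacement); the directive is authz-regexp in 2.3+.
RULE = (r"uid=(.*),cn=ranger.dnsalias.com,cn=gssapi,cn=auth",
        "ldap:///dc=ranger,dc=dnsalias,dc=com??sub?"
        "(krb5PrincipalName=$1@RANGER.DNSALIAS.COM)")

# Constructed sample entries (DN -> attributes), not real data.
DIRECTORY = {
    "uid=alice,ou=People,dc=ranger,dc=dnsalias,dc=com":
        {"krb5PrincipalName": "alice@RANGER.DNSALIAS.COM"},
    "uid=bob,ou=People,dc=ranger,dc=dnsalias,dc=com":
        {"krb5PrincipalName": "bob@RANGER.DNSALIAS.COM"},
}

def rewrite(authc_dn, rule=RULE):
    """Apply the rule to a SASL authentication DN; return search parameters or None."""
    pattern, replacement = rule
    # Case-insensitive matching is an assumption of this model.
    m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None  # e.g. a principal from another realm: the rule does not apply
    url = re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), replacement)
    # LDAP URL layout: ldap:///base?attrs?scope?filter
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    return {"base": base, "scope": scope, "filter": flt}

def resolve(authc_dn, directory=DIRECTORY):
    """Return the mapped entry DN only if the search yields exactly one entry."""
    search = rewrite(authc_dn)
    if search is None:
        return None
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", search["filter"]).groups()
    base = search["base"].lower()
    hits = [dn for dn, attrs in directory.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and attrs.get(attr) == value]
    # Zero or several matching entries means no usable mapping.
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(resolve("uid=alice,cn=ranger.dnsalias.com,cn=gssapi,cn=auth"))
```

A duplicated krb5PrincipalName value in the directory makes the search ambiguous, so the model returns no mapping rather than picking one entry.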



