[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenLDAP Backend Guide?
--On Friday, April 04, 2008 1:49 PM +0200 Buchan Milne
>> > Besides these differences, no decent example is given for mapping
>> > non-local-root identities to DNs, I am using this:
>> > sasl-regexp
>> > uid=(.*),cn=ranger.dnsalias.com,cn=gssapi,cn=auth
>> > ldap:///dc=ranger,dc=dnsalias,dc=com??sub?
>> > (krb5PrincipalName=$1@RANGER.DNSALIAS.COM)
>> Can you provide more text about this ? It sound very useful.
> A sasl-regexp of this form allows a Kerberos Principal to be mapped to an
> OpenLDAP DN of an entry with the krb5PrincipalName matching the Principal
> (in this case for the RANGER.DNSALIAS.COM realm only). I could provide
> an example (but don't heimdal up on the installation running on the
> laptop at present).
I would note the correct name for this is "authz-regexp" starting with
sasl-regexp is the 2.2 and prior name.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration