SASL Mappings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In case someone ends up with the same problem in the future, it appears 
that in the regex string you must escape the ( and ) with \, and the 
realm should be excluded from the regex if both the server and client 
are using the same realm...
example: make the regex \(.*\)/admin not \(.*\)/admin at .*

-Rob
Richard Megginson wrote:
> Rob See wrote:
>> Hi,
>>
>>    I'm working on getting SASL up and running with FDS 1.0.2 and have 
>> run into some problems. It seems that the SASL Mappings are being 
>> completely ignored.
>>
>> Here is my setup:
>>
>> Kerberos domain of SUB.BLAH.EDU
>> Ldap entry for uid=rob,ou=People,dc=sub,dc=blah,dc=edu
>>
>> This is the map entry (the only map entry that I have):
>>
>> # map1, mapping, sasl, config
>> dn: cn=map1,cn=mapping,cn=sasl,cn=config
>> objectClass: top
>> objectClass: nsSaslMapping
>> cn: map1
>> nsSaslMapRegexString: (.*)/admin at .*
>> nsSaslMapBaseDNTemplate: uid=\1,ou=People,dc=sub,dc=blah,dc=edu
>> nsSaslMapFilterTemplate: (objectclass=*)
>>
>> I've restarted the service which doesn't seem to fix it.
>>
>> When I kinit with rob/admin, running ldapsearch -Y GSSAPI gets the 
>> following error:
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>        additional info: SASL(-14): authorization failure:
>>
>> when I kinit with rob, it works without a problem
>>
>> Does anyone have any suggestions, or have I run into a bug of some 
>> sort ?
> Does this help? - http://directory.fedora.redhat.com/wiki/Howto:Kerberos

>>
>> Also is there any way to turn up the log level to get more info ?
> Sure.  You can use the TRACE level in the error log.
>>
>> Thanks,
>> -Rob
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> !DSPAM:446b8cb0247181471131949!
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> !DSPAM:446b8cb0247181471131949!
>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux