Re: SASL Mappings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 
In case someone ends up with the same problem in the future, it appears that in the regex string you must escape the ( and ) with \, and the realm should be excluded from the regex if both the server and client are using the same realm... 
example: make the regex \(.*\)/admin not \(.*\)/admin@.*

-Rob
Richard Megginson wrote:

Rob See wrote:

Hi,
I'm working on getting SASL up and running with FDS 1.0.2 and have run into some problems. It seems that the SASL Mappings are being completely ignored. 

Here is my setup:

Kerberos domain of SUB.BLAH.EDU
Ldap entry for uid=rob,ou=People,dc=sub,dc=blah,dc=edu

This is the map entry (the only map entry that I have):

# map1, mapping, sasl, config
dn: cn=map1,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: map1
nsSaslMapRegexString: (.*)/admin@.*
nsSaslMapBaseDNTemplate: uid=\1,ou=People,dc=sub,dc=blah,dc=edu
nsSaslMapFilterTemplate: (objectclass=*)

I've restarted the service which doesn't seem to fix it.
When I kinit with rob/admin, running ldapsearch -Y GSSAPI gets the following error: 
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
       additional info: SASL(-14): authorization failure:

when I kinit with rob, it works without a problem
Does anyone have any suggestions, or have I run into a bug of some sort ? 
Does this help? - http://directory.fedora.redhat.com/wiki/Howto:Kerberos




Also is there any way to turn up the log level to get more info ?

Sure.  You can use the TRACE level in the error log.


Thanks,
-Rob

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users



!DSPAM:446b8cb0247181471131949!
------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users


!DSPAM:446b8cb0247181471131949!


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux