Full_Name: Brian Candler
OS: Ubuntu 10.04.1
Submission from: (NULL) (220.127.116.11)
DOcumentation at http://www.openldap.org/doc/admin24/sasl.html#GSSAPI
example authorization DNs built from SASL/GSSAPI:
"a user with the Kerberos principal kurt(a)EXAMPLE.COM would have the associated
and the principal ursula/admin(a)FOREIGN.REALM would have the associated DN:
Experimentation shows that the actual behaviour is different.
You could treat this either as a behaviour error or a documentation error - if
the latter, the olcSaslRealm is pretty useless, because if set it appears in all
auth DNs (for both local and foreign realms)
Could be a bug, but we're using the parameters as documented by Cyrus. I
suggest you file this bug report with them instead.
-- Howard Chu
CTO, Symas Corp.