when we apply the mapping setting as shown below : (sasl regexp) * * *log_level: -1* *pwcheck_method:auxprop saslauthd* *mech_list: GSSAPI EXTERNAL LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5* *auxprop_plugin: slapd* *ldapdb_uri:ldaps://10.0.0.12:636/ ldapi:///* *ldapdb_id: cn=M@nSpi,,dc=teipir,dc=gr* *ldapdb_pw: {SSHA}I3uStTuu03acS7E/Wp85xNBawCqzvgtY* *ldapdb_mech: GSSAPI EXTERNAL* *ldapdb_starttls: try*
on the ldapwhoami command i get:
*SASL/GSSAPI authentication started* *SASL username: kadmin/admin@TEIPIR.GR* *SASL SSF: 56* *SASL data security layer installed.* *dn:krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr* * * * * on the other hand without mapping we get :
SASL/GSSAPI authentication started SASL username: kadmin/admin@TEIPIR.GR SASL SSF: 56 SASL data security layer installed. dn:uid=kadmin/admin,cn=gssapi,cn=auth
+
with the ACL set : *access to * by * write* * by * read* * by * auth* * * 1)i get all the time the value gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth 2)and the uid value remains empty....
*1)* *acl_get: [1] attr krb5KeyVersionNumber* *Mar 22 18:25:03 proof slapd[23892]: => acl_mask: access to entry "krb5PrincipalName=krbtgt/TEIPIR.GR@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "krb5KeyVersionNumber" requested* *Mar 22 18:25:03 proof slapd[23892]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)*
2) *=> access_allowed: auth access to "krb5PrincipalName=kadmin/ admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr" "uid" requested* *Mar 22 18:27:18 proof slapd[23983]: => acl_get: [1] attr uid* *Mar 22 18:27:18 proof slapd[23983]: => acl_mask: access to entry "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "uid" requested* *Mar 22 18:27:18 proof slapd[23983]: => acl_mask: to value by "", (=0)* *Mar 22 18:27:18 proof slapd[23983]: <= check a_dn_pat: ** *Mar 22 18:27:18 proof slapd[23983]: <= acl_mask: [1] applying write(=wrscxd) (stop)*