when we apply the mapping setting as shown below :
(sasl regexp)
log_level: -1
pwcheck_method:auxprop saslauthd
mech_list: GSSAPI EXTERNAL LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5
auxprop_plugin: slapd
ldapdb_id: cn=M@nSpi,,dc=teipir,dc=gr
ldapdb_pw: {SSHA}I3uStTuu03acS7E/Wp85xNBawCqzvgtY
ldapdb_mech: GSSAPI EXTERNAL
ldapdb_starttls: try
on the ldapwhoami command i get:
SASL/GSSAPI authentication started
SASL SSF: 56
SASL data security layer installed.
on the other hand without mapping we get :
SASL/GSSAPI authentication started
SASL SSF: 56
SASL data security layer installed.
dn:uid=kadmin/admin,cn=gssapi,cn=auth
+
with the ACL set :
access to * by * write
by * read
by * auth
1)i get all the time the value gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2)and the uid value remains empty....
1)
acl_get: [1] attr krb5KeyVersionNumber
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: access to entry "krb5PrincipalName=krbtgt/TEIPIR.GR@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "krb5KeyVersionNumber" requested
Mar 22 18:25:03 proof slapd[23892]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
2)
=> access_allowed: auth access to "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr" "uid" requested
Mar 22 18:27:18 proof slapd[23983]: => acl_get: [1] attr uid
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: access to entry "krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr", attr "uid" requested
Mar 22 18:27:18 proof slapd[23983]: => acl_mask: to value by "", (=0)
Mar 22 18:27:18 proof slapd[23983]: <= check a_dn_pat: *
Mar 22 18:27:18 proof slapd[23983]: <= acl_mask: [1] applying write(=wrscxd) (stop)