Hi all,
I want to rewrite the gssapi user name after authentication using
olcAuthzRegexp, but I want to rewrite the krbPrincipalName. If a
principal gets a ticket and I then test the authentication with
"ldapwhoami", I see:
uid=my-principal,cn=gssapi,cn=auth
So now I want to rewrite the uid to:
krbPrincipalName=my-principal@REALM,cn=REALM,cn=kerberos,dc=example,dc=net
the real object name.
My first try was
olcAuthzRegexp: {0}uid=(.+),cn=gssapi,cn=auth
krbPrincipalName=$1@REALM,cn=REALM,cn=kerberos,dc=example,dc=net
That is working. Now "ldapwhoami" is showing
krbPrincipalName=my-principal@REALM,cn=realm,cn=kerbers,dc=example,dc=net
Then I changed olcAuthzRegexp to
uid=(.+),cn=gssapi,cn=auth
ldap:///cn=kerberos,dc=example,dc=net??sub?(krbPrincipalName=$1@REALM)
I also tried:
(krbPrincipalName=$1)
(krbPrincipalName=$1@REALM,cn=REALM,cn=kerberos,dc=example,dc=net)
but none of the filters is working.
How do I have to configure the filter to rewrite the krbPrincipalName
within the search?
Stefan
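
As an added illustration (not part of the original post, and not OpenLDAP code), the following Python model shows what string each replacement from the message expands to and how a search-based mapping must return exactly one entry to take effect. The in-memory directory, the function names and the equality-only filter handling are assumptions made for the example; a real slapd also applies its access controls and schema matching rules to this internal search, which the model leaves out.

```python
import re

# Constructed sample directory: one principal entry shaped like the one in the post.
BASE = "cn=kerberos,dc=example,dc=net"
DIRECTORY = {
    "krbPrincipalName=my-principal@REALM,cn=REALM," + BASE:
        {"krbprincipalname": ["my-principal@REALM"]},
}
SASL_DN = "uid=my-principal,cn=gssapi,cn=auth"
PATTERN = r"uid=(.+),cn=gssapi,cn=auth"

def expand(pattern, replacement, authc_dn):
    """Match the SASL authentication DN and substitute $1..$9 into the replacement."""
    m = re.search(pattern, authc_dn)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), replacement)

def search(url):
    """Evaluate an ldap:///base?attrs?scope?filter URL against DIRECTORY; return DNs."""
    base, _attrs, scope, filt = (url[len("ldap:///"):].split("?", 3) + [""] * 3)[:4]
    f = re.fullmatch(r"\((\w+)=([^()*]+)\)", filt)
    if f is None:
        raise ValueError("only simple equality filters are modelled here")
    attr, value = f.group(1).lower(), f.group(2)
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.lower() == base.lower() or (
            scope == "sub" and dn.lower().endswith("," + base.lower()))
        if in_scope and value in attrs.get(attr, []):  # exact comparison (assumption)
            hits.append(dn)
    return hits

def map_identity(pattern, replacement, authc_dn):
    """Return the authorization DN, or the unchanged SASL DN when the mapping fails."""
    target = expand(pattern, replacement, authc_dn)
    if target is None:
        return authc_dn
    if not target.startswith("ldap:///"):
        return target                      # direct mapping: used as-is, no lookup
    hits = search(target)
    return hits[0] if len(hits) == 1 else authc_dn   # needs exactly one entry

if __name__ == "__main__":
    for repl in ("krbPrincipalName=$1@REALM,cn=REALM," + BASE,
                 "ldap:///" + BASE + "??sub?(krbPrincipalName=$1@REALM)",
                 "ldap:///" + BASE + "??sub?(krbPrincipalName=$1)"):
        print(expand(PATTERN, repl, SASL_DN), "->", map_identity(PATTERN, repl, SASL_DN))
```

Printing the expanded URL next to the mapped DN makes it easy to copy the exact base, scope and filter into an ldapsearch against the real server and compare the result.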