On 01/02/11 10:28 -0600, Joe Comeaux wrote:
I'm having a lot of trouble getting just a basic regexp example working though. I don't have any kind of slapd.conf set up, so I'm injecting the updates through ldapmodify. Here's what I've tried:

#ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcAuthzRegexp
olcAuthzRegexp: uid=jrambo,ou=users,dc=example,dc=com uid=jrambo,ou=it,ou=users,dc=example,dc=com

modifying entry "cn=config"
#ldapsearch -x -H "ldap://voss.worleyco.com/" -b "dc=worleyco,dc=com" -D "uid=jrambo,ou=Users,dc=example,dc=com" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
As far as I know, authz-regexp mappings only apply to SASL binds, and in a special case in the nssov backend pam processing.
There was some discussion of using it with simple binds here:
http://www.openldap.org/lists/openldap-software/200507/msg00027.html
Given a mapping of
uid=jrambo,cn=([^,]+),cn=auth uid=jrambo,ou=it,ou=users,dc=example,dc=com
or
uid=([^,]+),cn=([^,]+),cn=auth uid=$1,ou=it,ou=users,dc=example,dc=com
or the rule I showed in my earlier email... you should then be able to do:
ldapwhoami -H "ldap://voss.worleyco.com/" -U jrambo
to see if your mapping is working correctly.
You'll want to have a SASL mechanism installed with some level of security (such as DIGEST-MD5).
You may also be able to do:
ldapwhoami -Y EXTERNAL -H ldapi:/// -X u:jrambo
to test your mappings.
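Added example, not part of this thread and not OpenLDAP code: a small Python model of how slapd walks its authz-regexp rules over the uid=...,cn=...,cn=auth pseudo-DN that a SASL bind produces, and why a simple bind (-x -D ...) never consults them. The rule list is the one from the quoted ldapmodify plus the second rule from the reply; the sample bind identities are constructed. Assumptions of the model: rules are POSIX extended regexes matched case-insensitively as an unanchored search, the first matching rule wins, $0..$9 in the replacement expand to regex groups, and a replacement starting with ldap:/// (a search URI) is reported rather than resolved.

```python
import re

# Constructed rule list, as (match, replace) pairs in the order slapd would
# evaluate them (first match wins). Both rules are taken from the thread.
RULES = [
    # Rule from the quoted ldapmodify: a directory DN on the left-hand side.
    # A SASL bind never produces an authentication DN of this shape, so it
    # can never fire.
    ("uid=jrambo,ou=users,dc=example,dc=com",
     "uid=jrambo,ou=it,ou=users,dc=example,dc=com"),
    # Second rule from the reply: matches uid=<authcid>,cn=<mech>,cn=auth.
    ("uid=([^,]+),cn=([^,]+),cn=auth",
     "uid=$1,ou=it,ou=users,dc=example,dc=com"),
]


def _substitute(template, match):
    """Expand $0..$9 in the replacement string from the regex groups."""
    return re.sub(r"\$(\d)",
                  lambda ref: match.group(int(ref.group(1))) or "",
                  template)


def authz_map(authc_dn, rules=RULES):
    """Simplified model (assumption) of slapd's authz-regexp pass.

    Returns (resulting_dn, index_of_rule_that_fired); the index is None when
    no rule matched and the DN is left unchanged. A result beginning with
    "ldap:///" would be a search URI, which this model does not resolve.
    """
    for index, (pattern, template) in enumerate(rules):
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return _substitute(template, m), index
    return authc_dn, None


def resolve_bind_dn(kind, identity, rules=RULES):
    """Which DN slapd ends up authorising for a bind (model, not slapd code).

    kind="simple": the client supplied a real directory DN; authz-regexp is
    not consulted, so a DN that does not exist in the directory (or has the
    wrong password) fails with "Invalid credentials (49)".
    kind="sasl": identity is the uid=...,cn=...,cn=auth pseudo-DN slapd
    builds from the SASL authcid, realm and mechanism; that is what the
    rules act on.
    """
    if kind == "simple":
        return identity, None
    if kind == "sasl":
        return authz_map(identity, rules)
    raise ValueError("unknown bind kind: %r" % kind)


if __name__ == "__main__":
    # Constructed identities illustrating the cases discussed in the thread.
    samples = [
        # the failing ldapsearch -x -D ...: rules are never looked at
        ("simple", "uid=jrambo,ou=Users,dc=example,dc=com"),
        # ldapwhoami -U jrambo over DIGEST-MD5 with no realm: rule 2 fires
        ("sasl", "uid=jrambo,cn=digest-md5,cn=auth"),
        # same bind with a realm: the extra cn= component defeats rule 2
        ("sasl", "uid=jrambo,cn=example.com,cn=digest-md5,cn=auth"),
        # ldapi EXTERNAL peer credentials, as in the quoted SASL username line
        ("sasl", "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"),
    ]
    for kind, identity in samples:
        dn, rule = resolve_bind_dn(kind, identity)
        print("%-6s %-58s -> %s (rule %s)" % (kind, identity, dn, rule))
```

Running it shows that only the digest-md5 identity without a realm is rewritten to uid=jrambo,ou=it,ou=users,dc=example,dc=com; the realm-bearing form and the peercred form fall through unchanged, and the simple-bind DN never reaches the rules at all, which is why the rule list is irrelevant to the ldapsearch -x failure quoted above.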