On 06/08/2013 06:42 PM, Brendan Kearney wrote:
Thank you, i figured my syntax was wrong. now it seems that i might have a problem with what i was trying to do.
does the below olcAuthzRegexp convert the auth request DN to the users DN appropriately?
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid= $1,ou=Users,dc=bpk2,dc=com
It depends on the layout of your users' DN. It makes sense.
if i try to add the above as two separate values (broken apart where the space [' '] is), it fails with constraint violations. it seems that i should not be trying to make this two values, but that it should remain as a single entry
Yes, authz-regexp consists of pairs <pattern> <value>.
i am trying to follow the example, which uses slapd.conf syntax but i need it in cn=config syntax. below is what i am trying to accomplish for my domain, from the example:
authz-regexp uid=([^,]*),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
with that, i think the single value version is what i need. i added an olcAuthzRegexp where the realm was omitted, and that was taken. that is why i now think the value should stay as one entry. i now have:
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth uid= $1,ou=Users,dc=bpk2,dc=com
olcAuthzRegexp: {1}uid=([^,]*),cn=gssapi,cn=auth uid= $1,ou=Users,dc=bpk2,dc=com
and i think this should work. am i correct?
I think you could also use a single value like this:
olcAuthzRegexp: {0}uid=([^,]*)(,cn=bpk2.com)?,cn=gssapi,cn=auth uid=$1,ou=Users,dc=bpk2,dc=com
p.
thank you for the help
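A quick way to check the mappings discussed in this exchange before loading them into cn=config, as an added example that is not part of the original messages. It approximates authz-regexp in Python under these assumptions: rules are tried in order, the first match wins, matching is whole-string and case-insensitive, and the replacement is written as `uid=$1` without the space; the `jdoe` DNs and the function names are constructed for illustration.

```python
import re

REPLACEMENT = "uid=$1,ou=Users,dc=bpk2,dc=com"

# The two-value form ({0}, {1}) and the single-value form from the thread.
TWO_RULES = [
    (r"uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth", REPLACEMENT),
    (r"uid=([^,]*),cn=gssapi,cn=auth", REPLACEMENT),
]
ONE_RULE = [
    (r"uid=([^,]*)(,cn=bpk2.com)?,cn=gssapi,cn=auth", REPLACEMENT),
]

# Constructed sample authentication DNs (not taken from a real server).
SAMPLES = [
    "uid=jdoe,cn=bpk2.com,cn=gssapi,cn=auth",       # realm present
    "uid=jdoe,cn=gssapi,cn=auth",                   # realm omitted
    "uid=jdoe,cn=other.example,cn=gssapi,cn=auth",  # different realm
    "uid=jdoe,cn=digest-md5,cn=auth",               # different mechanism
]


def map_authc_dn(authc_dn, rules):
    """Return the DN from the first matching rule, or None if none match."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
        if m:
            # Expand $1..$9 from the capture groups of the match.
            return re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))) or "",
                          replacement)
    return None


def compare(samples=SAMPLES):
    """Map each sample with both rule sets; return {dn: (two_rules, one_rule)}."""
    return {dn: (map_authc_dn(dn, TWO_RULES), map_authc_dn(dn, ONE_RULE))
            for dn in samples}


if __name__ == "__main__":
    for dn, (two, one) in compare().items():
        print(f"{dn}\n  two values: {two}\n  one value:  {one}")
```

Both forms give the same result for every sample, and only the first two DNs map to an entry under ou=Users; the other realm and the other mechanism are left unmapped.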
On Sat, 2013-06-08 at 17:22 +0200, Pierangelo Masarati wrote:
On 06/08/2013 04:40 PM, Brendan Kearney wrote:
Sent too early, sorry...
I get the error:
ldapmodify: extra lines at end (line 3, entry "cn=config")
i am guessing that i have to escape the embedded space in the line, or encapsulate the entire line. what is the correct way to delete the line and re-add it correctly?
Presuming you want to delete that value of olcAuthzRegexp and add two new values, that's not valid LDIF. You need to do something like
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth uid= $1,ou=Users,dc=bpk2,dc=com
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
Note that since olcAuthzRegexp is ordered, you can delete a value by simply using its number; for example, if the currently present line has value {0}, simply use
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: {0}
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
p.
On Sat, 2013-06-08 at 10:37 -0400, Brendan Kearney wrote:
all,
i am working on getting SASL, Kerberos 5, and LDAP working together. i buggered an olcAuthzRegexp and need to correct it. i need to remove the one in place, and replace it with the corrected version. below is what i am trying:
ldapmodify -QY EXTERNAL -H ldapi:///
dn: cn=config
changetype: delete
olcAuthzRegexp: uid=([^,]+),cn=bpk2.com,cn=gssapi,cn=auth uid= $1,ou=Users,dc=bpk2,dc=com
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=([^,]*),cn=bpk2.com,cn=gssapi,cn=auth
olcAuthzRegexp: {1}uid=$1,ou=Users,dc=bpk2,dc=com
(note, the first olcAuthzRegexp that is to be deleted should be all on one line, and that is why it is wrong. formatting in this message may change the way it looks.)
the error i get is: