On 4/14/19 4:43 PM, Dieter Kluenter wrote:
I face a strange behaviour of an authz regexp. This is part of my slapd.conf:
authz-regexp "gidNumber=(.*)+uidNumber=(.*),cn=peercred,cn=external,cn= auth" "ldap:///o=avci,c=de?dn?sub?(&(uidNumber=$2)(gidNumber=$1))"
The result of a ldapwhoami:
SASL/EXTERNAL authentication started
SASL username: gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
A result of search
ldapsearch -Y EXTERNAL -H ldapi:/// -b o=avci,c=de -s sub "(&(gidNumber=100)(uidNumber=1000))" dn
dn: cn=Dieter Kluenter,ou=Partner,o=avci,c=de
result: 0 Success
This regexp has been working for ages, in fact it hasn't been changed since Ando's first announcement.
Any idea what might have been changed?
Any change in your ACLs?
Maybe an ACL is now blocking auth access to entry 'cn=Dieter Kluenter,ou=Partner,o=avci,c=de'.
Ciao, Michael.