On Tue, 15 Oct 2002, Kervin L. Pierre wrote:

> Hi,
>
> I have a newer version at http://my.fit.edu/~kpierre/lak.c.3.patch
>
> I added the ability to have a default domain context, for the case a
> user logs into the default domain and you are using the domain context
> macro.

I finally got around to looking at the patch. ;)  I think that your idea
is very good, but the implementation is not complete.  The patch hard
codes domain-based directory tree naming (dc=domain,dc=tld), but some
people use traditional or other directory tree naming (o=domain.tld or
o=dot,st=nc,c=us etc).  I am not sure that there is an easy way to deal
with this short of adding regex or pcre.  This might be overkill.

> PS. thanks for adding ldap support to saslauthd in the first place.
> This is the second time I'm using your code ( first with the solaris
> openldap conf site ), so I feel like I owe you a check or something :)
>

Check is good. :)  Just kidding...

-Igor

> --Kervin
>
>
> Igor Brezac wrote:
>
> > On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
> >
> > >I modified the patch to take the search domain from the username %u, for
> > >virtual server environments.
> > >
> > >http://my.fit.edu/~kpierre/lak.c.2.patch
> > >
> > >PS. I am not having luck with the global search ( ie. the current
> > >method, -b "" ), I keep getting object not found although a search under
> > >a specific domain context works ( ie. -b "ou=..." ).
> >
> > You are telling openldap to search a wrong backend (among other things,
> > -b"" is used to search rootDSE).
> >
> > >Let me know what you think
> >
> > I'll integrate the patch and submit it to Rob.
> >
> > -Igor
> >
> > >--Kervin
> > >
> > >Igor Brezac wrote:
> > >
> > >>On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
> > >>
> > >>>Hi,
> > >>>
> > >>>attached is a patch to cyrus/saslauthd/lak.c to allow it to expand '%d'
> > >>>macro in ldap_search_base option to the domain context derived from the
> > >>>realm '%r'.
> > >>>
> > >>>eg.
> > >>>
> > >>>ldap_search_base: ou=people, %d
> > >>>in saslauthd.conf
> > >>>
> > >>>if realm is 'domain.tld', the ldap search base will expand to
> > >>>'ou=people,dc=domain,dc=tld'
> > >>>
> > >>>Does imapd always provide the realm in a virtual server environment when
> > >>>authenticating users? Is it safe to assume that the realm is
> > >>>'domain.tld' or more specifically the domain given to mkimap script?
> > >>>
> > >>>Is this correct/incorrect/unnecessary?
> > >>
> > >>In most cases an organization will have one realm.  Realms should not be
> > >>confused with domains.  In virtual domain setup, %u will look like
> > >>[EMAIL PROTECTED] and unless you setup a realm, %r will be blank.  So,
> > >>%d is not necessary in this case.

-- Igor
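
The '%d' expansion discussed in this thread ('domain.tld' to 'dc=domain,dc=tld'), as an added example that is not taken from the linked lak.c patches or from saslauthd. The function name domain_to_dc and the label character whitelist are assumptions, and it covers only the dc= naming the patch hard codes, not the o=... trees mentioned in the reply.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Expand a DNS-style domain ("domain.tld") into a domain-component DN
 * ("dc=domain,dc=tld") for the %d part of ldap_search_base.
 * Hypothetical helper, not a saslauthd function.
 * The domain comes from the client-supplied realm or username, so a label
 * may hold only letters, digits and '-'; DN metacharacters such as
 * ',', '=', '+' or '\\' make the whole input invalid.
 * Returns 0 on success; -1 (with out emptied) on bad input or overflow. */
int domain_to_dc(const char *domain, char *out, size_t outlen)
{
    size_t used = 0;
    const char *p = domain;

    if (domain == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    for (;;) {
        size_t len = strcspn(p, ".");            /* length of next label */
        size_t need = len + 3 + (used ? 1 : 0);  /* "dc=" plus separator */
        size_t i;

        if (len == 0 || len > 63)                /* empty or oversized label */
            goto fail;
        for (i = 0; i < len; i++)
            if (!isalnum((unsigned char)p[i]) && p[i] != '-')
                goto fail;
        if (used + need + 1 > outlen)            /* keep room for the NUL */
            goto fail;

        if (used)
            out[used++] = ',';
        memcpy(out + used, "dc=", 3);
        used += 3;
        memcpy(out + used, p, len);
        used += len;
        out[used] = '\0';

        if (p[len] == '\0')
            return 0;
        p += len + 1;                            /* skip the '.' */
    }
fail:
    out[0] = '\0';
    return -1;
}
```
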