Re: Preauth error ldap heimdal kerberos

Tue, 23 Mar 2010 04:43:39 -0700 

when we apply the mapping setting as shown below :
(sasl regexp)
*
*
*log_level: -1*
*pwcheck_method:auxprop saslauthd*
*mech_list: GSSAPI EXTERNAL LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5*
*auxprop_plugin: slapd*
*ldapdb_uri:ldaps://10.0.0.12:636/ ldapi:///*
*ldapdb_id: c...@nspi,,dc=teipir,dc=gr*
*ldapdb_pw: {SSHA}I3uStTuu03acS7E/Wp85xNBawCqzvgtY*
*ldapdb_mech: GSSAPI EXTERNAL*
*ldapdb_starttls: try*


on the ldapwhoami command i get:

*SASL/GSSAPI authentication started*
*SASL username: kadmin/[email protected]*
*SASL SSF: 56*
*SASL data security layer installed.*
*dn:krb5PrincipalName=kadmin/[email protected],ou=kerberos,dc=teipir,dc=gr*
*
*
*
*
on the other hand without mapping we get :

SASL/GSSAPI authentication started
SASL username: kadmin/[email protected]
SASL SSF: 56
SASL data security layer installed.
dn:uid=kadmin/admin,cn=gssapi,cn=auth


+

with the ACL set :
*access to * by * write*
*            by * read*
*            by * auth*
*
*
1)i get all the time the value
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2)and the uid value remains empty....



*1)*
*acl_get: [1] attr krb5KeyVersionNumber*
*Mar 22 18:25:03 proof slapd[23892]: => acl_mask: access to entry
"krb5PrincipalName=krbtgt/[email protected],ou=kerberos,dc=teipir,dc=gr",
attr "krb5KeyVersionNumber" requested*
*Mar 22 18:25:03 proof slapd[23892]: => acl_mask: to value by
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)*


2)
 *=> access_allowed: auth access to "krb5PrincipalName=kadmin/
[email protected],ou=kerberos,dc=teipir,dc=gr" "uid" requested*
*Mar 22 18:27:18 proof slapd[23983]: => acl_get: [1] attr uid*
*Mar 22 18:27:18 proof slapd[23983]: => acl_mask: access to entry
"krb5PrincipalName=kadmin/[email protected],ou=kerberos,dc=teipir,dc=gr", attr
"uid" requested*
*Mar 22 18:27:18 proof slapd[23983]: => acl_mask: to value by "", (=0)*
*Mar 22 18:27:18 proof slapd[23983]: <= check a_dn_pat: **
*Mar 22 18:27:18 proof slapd[23983]: <= acl_mask: [1] applying
write(=wrscxd) (stop)*

Reply via email to