On Wed, 24 Mar 2010 12:04:57 +0200, Μανόλης Βλαχάκης <[email protected]> wrote:
> 2010/3/24 Buchan Milne <[email protected]>
>
> > On Tuesday, 23 March 2010 11:18:57 Μανόλης Βλαχάκης wrote:
> > > after reading the openldap admin guide you mentioned
> > > I understood that by using -X on the ldapsearch command
> > > I should use the authzTo attributes as you said
> >
> > But, you haven't explained if or why you need to authorize to
> > different users.
> > IMHO, it looks plainly as if you have been using the -X flag by
> > mistake ...
> >
> > The document you referred to doesn't use -X anywhere, only -x in
> > the case of simple binds.
>
> I want to do sasl bind not simple bind, that's why I use the -X
> flag! Am I wrong?
> What are you suggesting to do with the users? I believe that there is
> no need to have all users authorized but only two, for example only
> these who I have in kerberos, ldapmaste and kadmin/admin! Am I right?
> Take a look at my slapd.conf!
> My problem is that I want to do sasl bind with password and not
> only with dn, because now I do sasl bind only with one of the
> authorized dn!

Did you create an ldap service and host principal? If so, just use the
GSSAPI mechanism, something like
'ldapsearch -Y GSSAPI -H ldap://some.host'
and you may write an appropriate authz-regexp in order to match the sasl
authentication string to a DN.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E
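
Added example, not part of the original thread: a slapd.conf fragment showing the kind of authz-regexp mapping suggested above for a GSSAPI bind. The realm EXAMPLE.COM, the suffix dc=example,dc=com and the target DNs are placeholders; the principal kadmin/admin and the host ldap://some.host are taken from the messages.

```conf
# slapd.conf fragment (constructed example; realm, suffix and target DNs
# are placeholders, not values from the poster's configuration).
#
# After a GSSAPI bind, slapd represents the Kerberos principal as an
# authentication DN of the form
#   uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
# e.g. kadmin/admin@EXAMPLE.COM becomes
#   uid=kadmin/admin,cn=example.com,cn=gssapi,cn=auth
# Depending on the SASL setup the cn=<realm> component may be absent,
# so confirm the exact string before writing the patterns.

# Most specific rule first: only the first authz-regexp whose pattern
# matches the authentication identity is used.
authz-regexp
    uid=kadmin/admin,cn=example.com,cn=gssapi,cn=auth
    cn=admin,dc=example,dc=com

# Ordinary principals map to their own entry. [^,/]+ cannot cross a DN
# component and does not match a "/instance" principal, so host/... and
# .../admin principals are not mapped by this rule.
authz-regexp
    uid=([^,/]+),cn=example.com,cn=gssapi,cn=auth
    uid=$1,ou=people,dc=example,dc=com

# Avoid a catch-all such as  uid=(.*),cn=.*,cn=auth :
# it accepts any realm and any SASL mechanism, so identities from a
# foreign realm or a weaker mechanism would map to the same entries.

# Check the result after obtaining a ticket with kinit:
#   ldapwhoami -Y GSSAPI -H ldap://some.host
# The "dn:" line in the output is the identity that ACLs are evaluated
# against; an unmapped bind shows the raw ...,cn=gssapi,cn=auth string.
```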
