Hi all,

I want to rewrite the gssapi user name after authentication using olcAuthzRegexp, but I want to rewrite the krbPrincipalName. If a principal gets a ticket and I then test the authentication with "ldapwhoami", I see:
uid=my-principal,cn=gssapi,cn=auth

So now I want to rewrite the uid to:
krbPrincipalName=my-principal@REALM,cn=REALM,cn=kerberos,dc=example,dc=net
the real object name.

My first try was
olcAuthzRegexp: {0}uid=(.+),cn=gssapi,cn=auth krbPrincipalName=$1@REALM,cn=REALM,cn=kerberos,dc=example,dc=net

That is working. Now "ldapwhoami" is showing
krbPrincipalName=my-principal@REALM,cn=realm,cn=kerbers,dc=example,dc=net

Then I changed olcAuthzRegexp to
uid=(.+),cn=gssapi,cn=auth ldap:///cn=kerberos,dc=example,dc=net??sub?(krbPrincipalName=$1@REALM)

I also tried:
(krbPrincipalName=$1)
(krbPrincipalName=$1@REALM,cn=REALM,cn=kerberos,dc=example,dc=net)

but none of the filters is working.
How do I have to configure the filter to rewrite the krbPrincipalName within the search?

Stefan
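
The following is an added example, not part of the original post and not OpenLDAP code: a small Python model of the two mapping forms used above (direct DN replacement and LDAP URL search, where a search result is accepted only if exactly one entry matches). The sample directory, the helper names and the exact-match comparison are assumptions; access control, indexing and schema matching rules on a real slapd are not modelled, so a filter that resolves here can still fail on a server.

```python
import re

# Constructed sample directory (DN -> attributes); not data from the post.
BASE = "cn=kerberos,dc=example,dc=net"
PRINC_DN = "krbPrincipalName=my-principal@REALM,cn=REALM," + BASE
DIRECTORY = {
    "cn=REALM," + BASE: {"cn": ["REALM"]},
    PRINC_DN: {"krbprincipalname": ["my-principal@REALM"]},
}

def in_scope(dn, base, scope):
    """Return True if dn lies within base for scope base/one/sub."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    # Naive comma split: fine for the sample DNs, not for escaped commas.
    depth = dn[: -len(base) - 1].count(",") + 1
    return scope == "sub" or (scope == "one" and depth == 1)

def search(url):
    """Evaluate ldap:///base?attrs?scope?(attr=value) against DIRECTORY."""
    base, _attrs, scope, filt = (url[len("ldap:///"):].split("?") + [""] * 3)[:4]
    attr, value = re.fullmatch(r"\(([\w-]+)=(.*)\)", filt).groups()
    # Exact, case-sensitive value comparison is an assumption of this model.
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base, scope or "base")
            and value in attrs.get(attr.lower(), [])]

def map_identity(sasl_dn, pattern, replacement):
    """Apply one authz-regexp style rule; return the resulting identity DN."""
    m = re.search(pattern, sasl_dn, re.IGNORECASE)
    if m is None:
        return sasl_dn                       # rule does not apply
    target = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    if not target.startswith("ldap:///"):
        return target                        # direct DN mapping, no lookup
    hits = search(target)
    # A search mapping is only accepted when exactly one entry matches.
    return hits[0] if len(hits) == 1 else sasl_dn

if __name__ == "__main__":
    sasl = "uid=my-principal,cn=gssapi,cn=auth"
    rule = "uid=(.+),cn=gssapi,cn=auth"
    for flt in ("(krbPrincipalName=$1@REALM)", "(krbPrincipalName=$1)",
                "(krbPrincipalName=$1@REALM,cn=REALM," + BASE + ")"):
        print(flt, "->", map_identity(sasl, rule, "ldap:///" + BASE + "??sub?" + flt))
```

In this model only the first filter resolves to the principal entry; the other two compare the attribute against a value the entry does not hold, so the identity stays at the SASL DN.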





