A SASL/Kerberos question..
Sam Hartman
hartmans at MIT.EDU
Fri Apr 19 15:32:56 EDT 2002

>>>>> "Nils" == Nils Olav Selåsdal <noselasd at frisurf.no> writes:
    Nils> Am I bound to any dn when I use SASL/GSSAPI ? I get my TGT
    Nils> for noselasd at FIANE.INTRA and do e.g. a 'ldapsearch -h lfs
    Nils> -LLL', who am I now authorized/bound as on the ldap server?
    Nils> What I want is that noselasd at FIANE.INTRA binds as
    Nils> uid=noselasd,ou=People,dc=fiane,dc=intra. Some explanations

This is server dependent.  For OpenLDAP, you get something like
uid:sasl_name as your identity.  For example here is an entry from my
OpenLDAP ACL:
         by dn="uid=.*/admin" write
         # The admin dn has full write access
           by dn="uid=.*/admin" write
           
So, you are bound to a DN, but it's not really all that distinguished
and probably doesn't exist in your database.  This is probably not
ideal.