A SASL/Kerberos question..

Nils O. Selåsdal noselasd at frisurf.no
Sat Apr 20 09:38:02 EDT 2002


On Fri, 2002-04-19 at 21:32, Sam Hartman wrote:
> >>>>> "Nils" == Nils Olav Selåsdal <noselasd at frisurf.no> writes:
> 
>     Nils> Am I bound to a dn when I use SASL/GSSAPI? I get my TGT
>     Nils> for noselasd at FIANE.INTRA and do e.g. a 'ldapsearch -h lfs
>     Nils> -LLL', who am I now authorized/bound as on the ldap server?
>     Nils> What I want is that noselasd at FIANE.INTRA binds as
>     Nils> uid=noselasd,ou=People,dc=fiane,dc=intra Some explanations
> 
> This is server dependent.  For OpenLDAP, you get something like
> uid:sasl_name as your identity.  For example here is an entry from my
> OpenLDAP ACL:
> 
>          by dn="uid=.*/admin" write
>          # The admin dn has full write access
>            by dn="uid=.*/admin" write
>            
> 
> So, you are bound to a DN, but it's not really all that distinguished
> and probably doesn't exist in your database.  This is probably not
> ideal.
I actually managed to post to this mailing list? I intended to post to
the openldap mailing list, sorry. Anyway it seems openldap 2.1 will be
able to do what I want...

-- 
Nils Olav Selåsdal <NOS at Utel.no>
System Developer, UtelSystems a/s
w w w . u t e l s y s t e m s . c o m
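
The mapping asked about in this thread (Kerberos principal to a People entry), written out as an added example; it is not from the post and not OpenLDAP's own code. The realm table, the function names and the choice to refuse instance principals such as user/admin are assumptions made for illustration.

```python
# Assumed realm -> base DN table, built from the names used in the thread.
REALM_BASES = {"FIANE.INTRA": "ou=People,dc=fiane,dc=intra"}

# Characters that must not appear unescaped in a DN attribute value
# (RFC 4514); '=' is escaped as well, which the RFC permits.
_SPECIAL = set('"+,;<>\\=\x00')


def escape_rdn_value(value):
    """Escape a string so it can only ever be one RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\%02x" % ord(ch))      # hex-pair escape
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)               # leading/trailing cases
        else:
            out.append(ch)
    return "".join(out)


def principal_to_dn(principal):
    """Map user@REALM to uid=user,<base for REALM>; refuse anything else."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name:
        raise ValueError("principal has no realm part")
    if realm not in REALM_BASES:
        # Do not trust identities from realms that are not listed.
        raise ValueError("unknown realm: %r" % realm)
    if "/" in name:
        # Assumption: instance principals (user/admin) get no People entry.
        raise ValueError("instance principal not mapped: %r" % name)
    return "uid=%s,%s" % (escape_rdn_value(name), REALM_BASES[realm])


if __name__ == "__main__":
    # Constructed sample principals.
    for p in ("noselasd@FIANE.INTRA", "a,ou=Admins@FIANE.INTRA"):
        print(p, "->", principal_to_dn(p))
```

Escaping the name before building the DN keeps a principal that contains "," or "=" from turning into extra RDNs, which matters once ACLs are written against the mapped DN.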
