FW: Problem with ldap_filter:

Guus Leeuw jr. guus.leeuw at guusleeuwit.com
Thu Mar 22 15:45:09 EST 2007



> -----Original Message-----
> From: Guus Leeuw jr. [mailto:guus.leeuw at guusleeuwit.com]
> Sent: 22 March 2007 20:39
> To: 'Jayson Henkel'; 'cyrus-sasl at lists.andrew.cmu.edu'
> Subject: RE: Problem with ldap_filter:
> 
> Jayson,
> 
> Well for one, the fastbind (when ldap_use_sasl: no) means it drops the
> search for the DN; i.e. your filter has to return the fully qualified
> DN of the user.
> Secondly what kind of user attribute is passed for authentication?
> Fully qualified as in cyrus-sasl at lists.andrew.cmu.edu? In that case you
> may want to match against %U and not %u.
> Thirdly I'm not sure whether there is a default ldap_mech...
> 
> What happens when you
> $ ldapsearch -x -b 'ou=people,dc=sterlingcrane,dc=ca'
> "(&(uid=jdoe)(objectclass=CourierMailAccount))" dn
> 
> Do you get any result? If not, up the debug stuff (-d -1 or whatever).
> Still no luck? Run the server in -d -1 in a second terminal...
> 
> Cheers,
> Guus
> 
> 
> > -----Original Message-----
> > From: cyrus-sasl-bounces at lists.andrew.cmu.edu [mailto:cyrus-sasl-
> > bounces at lists.andrew.cmu.edu] On Behalf Of Jayson Henkel
> > Sent: 22 March 2007 15:25
> > To: cyrus-sasl at lists.andrew.cmu.edu
> > Subject: Problem with ldap_filter:
> >
> > Hello everyone,
> >
> >         I've read the documentation
> >         extensively and I can't seem to find a resolution. I am
> having
> > a
> >         problem
> >         with the ldap_filter: attribute, it seems that the software
> is
> >         ignoring
> >         my filter: This is my current configuration, and I've tried
> it
> >         with bind
> >         as well as the ldap_auth_method and it seems to be ignoring
> the
> >         filter
> >         as well.
> >
> >         ldap_servers:
> >         ldaps://ldap.sterlingcrane.ca,ldaps://ldap2.sterlingcrane.ca
> >         ldap_version: 3
> >         ldap_scope: sub
> >         ldap_search_base: ou=people,dc=sterlingcrane,dc=ca
> >         ldap_auth_method: fastbind (I've tried it with bind as well)
> >         ldap_filter: (&(uid=%u)(objectClass=CourierMailAccount))
> >
> >         Can anyone comment on why this is, I need the &'d objectClass
> > to
> >         distinguish some people in 2 different branches.
> >
> >         I have a jdoe who's dn is
> >         uid=jdoe,ou=staff,ou=people,dc=sterlingcrane,dc=ca
> >
> >         and I have a different person with
> >         uid=jdoe,ou=hourly,ou=people,dc=sterlingcrane,dc=ca
> >
> >         I need to be able to "and" in the CourierMailAccount in order
> > to
> >         distinguish between them.
> >
> >         Can anyone explain why this is happening, or if it's even
> >         possible as it
> >         sounds like the ldap_filter isn't quite what I am expecting.
> >
> >         Also, what ldap_filter_mode: is as I don't see it in the
> >         documentation,
> >         yet I see it referenced in some configs.
> >
> >         Thanks in advance.
> > --
> > Regards,
> >
> > Jayson D. Henkel
> > Systems Manager
> >
> > (Tel:  +1 (780) 440-4434)
> > (Fax:  +1 (780) 440-1951)
> > (Cell: +1 (780) 886-8941)
> > (E-Mail: jhenkel at sterlingcrane.com)
> >
> > Sterling Crane
> > P.O. Box 8610. Station South
> > Edmonton, Alberta
> > Canada. T6E 6R2
> >
> > ---------------------------------------------------------------------
> --
> > -
> > The information transmitted is intended only for the person or entity
> > to
> > which it is addressed and may contain confidential and/or privileged
> > material. If you are not the intended recipient of this message you
> are
> > hereby notified that any use, review, retransmission ,
> > dissemination,distribution, reproduction or any action taken in
> > reliance
> > upon this message is prohibited. If you received this in error,
> please
> > contact the sender and delete the material from any computer. Any
> views
> > expressed in this message are those of the individual sender and may
> > not
> > necessarily reflect the views of the company.
> >
> >
> >
> >
> >
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG.
> > Version: 7.5.448 / Virus Database: 268.18.16/729 - Release Date:
> > 21/03/2007 07:52
> >
> 
> --
> No virus found in this outgoing message.
> Checked by AVG.
> Version: 7.5.448 / Virus Database: 268.18.16/729 - Release Date:
> 21/03/2007 07:52
> 

-- 
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.448 / Virus Database: 268.18.16/729 - Release Date: 21/03/2007
07:52
 



More information about the Cyrus-sasl mailing list