[patch] search domain from %u

Igor Brezac igor at ipass.net
Fri Oct 18 12:02:19 EDT 2002


On Tue, 15 Oct 2002, Kervin L. Pierre wrote:

> Hi,
>
> I have a newer version at http://my.fit.edu/~kpierre/lak.c.3.patch
>
> I added the ability to have a default domain context, for the case a
> user logs into the default domain and you are using the domain context
> macro.

I finally got around to looking at the patch.  ;)  I think that your idea is
very good, but the implementation is not complete.  The patch hard codes
domain-based directory tree naming (dc=domain,dc=tld), but some people use
traditional or other directory tree naming (o=domain.tld or
o=dot,st=nc,c=us etc).  I am not sure that there is an easy way to deal
with this short of adding regex or pcre.  This might be overkill.

> PS.  thanks for adding ldap support to saslauthd in the first place.
> This is the second time I'm using your code ( first with the solaris
> openldap conf site ), so I feel like I owe you a check or something :)
>

Check is good.  :)   Just kidding...

-Igor

> --Kervin
>
>
> Igor Brezac wrote:
>
> > On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
> >
> >
> > >I modified the patch to take the search domain from the username %u, for
> > >virtual server environments.
> > >
> > >http://my.fit.edu/~kpierre/lak.c.2.patch
> > >
> > >PS.  I am not having luck with the global search ( ie. the current
> > >method, -b "" ), I keep getting object not found although a search under
> > >a specific domain context works ( ie. -b "ou=..." ).
> > >
> >
> >
> > You are telling openldap to search a wrong backend (among other things,
> > -b"" is used to search rootDSE).
> >
> >
> > >Let me know what you think
> > >
> >
> >
> > I'll integrate the patch and submit it to Rob.
> >
> > -Igor
> >
> >
> > >--Kervin
> > >
> > >
> > >Igor Brezac wrote:
> > >
> > >
> > >>On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
> > >>
> > >>
> > >>>Hi,
> > >>>
> > >>>attached is a patch to cyrus/saslauthd/lak.c to allow it to expand '%d'
> > >>>macro in ldap_search_base option to the domain context derived from the
> > >>>realm '%r'.
> > >>>
> > >>>eg.
> > >>>
> > >>>ldap_search_base: ou=people, %d
> > >>>in saslauthd.conf
> > >>>
> > >>>if realm is 'domain.tld', the ldap search base will expand to
> > >>>'ou=people,dc=domain,dc=tld'
> > >>>
> > >>>Does imapd always provide the realm in a virtual server environment when
> > >>>authenticating users?  Is it safe to assume that the realm is
> > >>>'domain.tld' or more specifically the domain given to mkimap script?
> > >>>
> > >>>Is this correct/incorrect/unnecessary?
> > >>>
> > >>
> > >>In most cases an organization will have one realm.  Realms should not be
> > >>confused with domains. In virtual domain setup, %u will look like
> > >>username at domain.tld and unless you set up a realm, %r will be blank.  So,
> > >>%d is not necessary in this case.
> > >>
> > >
> > >
> > >
> >
>
>
>

-- 
Igor
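
The '%d' expansion discussed in this thread, with the domain taken from %u and a default-domain fallback, as an added example (not code from either patch or from lak.c). The name `domain_to_dc` and the sample login are assumptions; it covers only the dc= naming style and refuses any domain containing characters other than letters, digits, '-' and '.'.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from lak.c: writes "dc=a,dc=b" for the domain in
 * user ("name@a.b"), or for default_domain when user has no '@'.
 * Returns 0 on success, -1 on a missing/invalid domain or a short buffer. */
int domain_to_dc(const char *user, const char *default_domain,
                 char *out, size_t outlen)
{
    const char *at = strrchr(user, '@');
    const char *p = at ? at + 1 : default_domain;
    size_t used = 0, label_len = 0;
    if (p == NULL || *p == '\0' || outlen == 0)
        return -1;
    out[0] = '\0';
    for (;; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '.' || c == '\0') {
            if (label_len == 0)      /* empty label: "a..b", ".a", "a." */
                return -1;
            if (c == '\0') return 0;
            label_len = 0;
            continue;
        }
        /* Hostname characters only: rejects DN metacharacters (',' '=' '+'). */
        if (!isalnum(c) && c != '-')
            return -1;
        if (label_len == 0) {        /* first character of a new label */
            int n = snprintf(out + used, outlen - used, "%sdc=",
                             used ? "," : "");
            if (n < 0 || (size_t)n >= outlen - used)
                return -1;
            used += (size_t)n;
        }
        if (used + 1 >= outlen)
            return -1;
        out[used++] = (char)tolower(c);
        out[used] = '\0';
        label_len++;
    }
}

int main(void)
{
    char dn[128];
    if (domain_to_dc("kervin@domain.tld", NULL, dn, sizeof dn) == 0)
        printf("ou=people,%s\n", dn);   /* constructed sample login */
    return 0;
}
```

On a -1 return the contents of `out` are partial and must not be used as a search base.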





