[patch] search domain from %u
Kervin L. Pierre
kervin at blueprint-tech.com
Tue Oct 15 13:10:29 EDT 2002
Hi,
I have a newer version at http://my.fit.edu/~kpierre/lak.c.3.patch
I added the ability to have a default domain context, for the case a
user logs into the default domain and you are using the domain context
macro.
PS. things for adding ldap support to saslauthd in the first place.
This is the second time I'm using your code ( first with the solaris
openldap conf site ), so I feel like I owe you a check or something :)
--Kervin
Igor Brezac wrote:
> On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
>
>
> >I modified the patch to take the search domain from the username %u, for
> >virtual server environments.
> >
> >http://my.fit.edu/~kpierre/lak.c.2.patch
> >
> >PS. I am not having luck with the global search ( ie. the current
> >method, -b "" ), I keep getting object not found although a search under
> >a specific domain context works ( ie. -b "ou=..." ).
> >
>
>
> You are telling openldap to search a wrong backend (among other things,
> -b"" is used to search rootDSE).
>
>
> >Let me know what you think
> >
>
>
> I'll integrate the patch and submit it to Rob.
>
> -Igor
>
>
> >--Kervin
> >
> >
> >Igor Brezac wrote:
> >
> >
> >>On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
> >>
> >>
> >>>Hi,
> >>>
> >>>attached is a patch to cyrus/saslauthd/lak.c to allow it to expand '%d'
> >>>macro in ldap_search_base option to the domain context derived from the
> >>>realm '%r'.
> >>>
> >>>eg.
> >>>
> >>>ldap_search_base: ou=people, %d
> >>>in saslauthd.conf
> >>>
> >>>if realm is 'domain.tld', the ldap search base will expand to
> >>>'ou=people,dc=domain,dc=tld'
> >>>
> >>>Does imapd always provide the realm in a virtual server environment
> when
> >>>authenticating users? Is it safe to assume that the realm is
> >>>'domain.tld' or more specifically the domain given to mkimap script?
> >>>
> >>>Is this correct/incorrect/unnecessary?
> >>>
> >>
> >>In most cases an organization will have one realm. Realms should not be
> >>confused with domains. In virtual domain setup, %u will look like
> >>username at domain.tld and unless you setup a realm, %r will be blank. So,
> >>%d is not necessary in this case.
> >>
> >
> >
> >
>
More information about the Info-cyrus
mailing list