Bug 918709
Summary: | [RFE] Add SASL mappings fallback | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nathan Kinder <nkinder> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 7.0 | CC: | jgalipea, jrusnack, mkubik, mreynolds, nhosoi |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.1.2-1.el7 | Doc Type: | Enhancement |
Doc Text: |
Cause: Lack of being able to check multiple matching SASL mappings if one mapping should fail.
Consequence: Rigid use of SASL authentication.
Change: Added SAL mapping fallback/failover capability. As well as an optional priority/precedence for each mappings.
Result: SASL authentication is more robust.
What now happens when the actions or circumstances above occur.
Note: this is not the same as the feature request was fulfilled.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 13:20:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nathan Kinder
2013-03-06 18:16:01 UTC
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA. [root@localhost jrusnack]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -b "cn=config" -s base nsslapd-sasl-mapping-fallback dn: cn=config nsslapd-sasl-mapping-fallback: off [root@localhost jrusnack]# ldapmodify -D "cn=directory manager" -w Secret123 <<EOF > dn: cn=config > changetype: modify > replace: nsslapd-sasl-mapping-fallback > nsslapd-sasl-mapping-fallback: on > EOF modifying entry "cn=config" [root@localhost jrusnack]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -b " cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config " dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config objectClass: top objectClass: nsSaslMapping cn: Kerberos uid mapping nsSaslMapRegexString: \(.*\)@\(.*\)\.\(.*\) nsSaslMapBaseDNTemplate: dc=\2,dc=\3 nsSaslMapFilterTemplate: (uid=\1) [root@localhost jrusnack]# ldapmodify -D "cn=directory manager" -w Secret123 <<EOF dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config > changetype: modify > add: nsSaslMapPriority > nsSaslMapPriority: 1 > EOF modifying entry "cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config" [root@localhost jrusnack]# ldapsearch -LLL -D "cn=directory manager" -w Secret123 -b " cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config " dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config objectClass: top objectClass: nsSaslMapping cn: Kerberos uid mapping nsSaslMapRegexString: \(.*\)@\(.*\)\.\(.*\) nsSaslMapBaseDNTemplate: dc=\2,dc=\3 nsSaslMapFilterTemplate: (uid=\1) nsSaslMapPriority: 1 Feature is implemented in latest RHEL7 389, testing is yet to be done - bugs in this feature will be filed separately. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |