Bug 171358 - Wrong information in Howto:Kerberos
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: wiki
7.1
All Linux
medium Severity medium
Assigned To: Rich Megginson
Orla Hegarty
Reported: 2005-10-20 21:44 EDT by Kostas Georgiou
Modified: 2007-04-18 13:33 EDT
Fixed In Version: 1.0
Doc Type: Bug Fix
Last Closed: 2006-02-06 15:54:09 EST
Description Kostas Georgiou 2005-10-20 21:44:52 EDT
After spending a day trying to figure out why the following didn't work
 nsSaslMapRegexString: (.*)@(.*)
I found out the following in the fedora-ds-7.1/ldap/servers/slapd/regex.c
 *      [7]             a regular expression in the form [1] to [10], enclosed
 *                      as \(form\) matches what form matches. The enclosure
 *                      creates a set of tags, used for [8] and for
 *                      pattern substution. The tagged forms are numbered
 *                      starting from 1.

So everything is working with entries of the form
nsSaslMapRegexString: \(.*\)
nsSaslMapRegexString: \([^/]*\)/\(.*\)

I don't think that the realm is ever sent, but I haven't tried to authenticate
with a krb5 ticket from another realm.
Comment 1 Rich Megginson 2005-11-03 10:11:42 EST
Ok.  I think I understand what you're saying.  Please check the page and let me
know if it is now correct.
Comment 2 Kostas Georgiou 2005-11-06 18:00:57 EST
Seems right now apart from the DOMAIN/username section.

I use a regex of the form \([^/]+\)/\(.+\) (note that I replaced * with + since
it makes a lot more sense) to map Kerberos principals with an instance, like
service/fqdn or user/admin. It really has nothing to do with DOMAIN/username.

For example if you want to map all services from hostname.domain to the
uid=hostname.domain,ou=hosts,dc=domain you can use [^/]+/\(.+\) and a map base
of uid=\1,ou=hosts,dc=domain or you might want to map all principals with an
admin instance to uid=user,ou=Managers,dc=domain so you'll use \([^/]+\)/admin
and a mapbase of uid=\1,ou=Managers,dc=domain.
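The mappings discussed in this report, as an added example (not part of the bug report and not 389 Directory Server code): a small Python model of the regex.c grouping rule that shows why `(.*)@(.*)` never maps a principal while the `\(...\)` forms do. Assumptions: only the parenthesis convention is translated, bare parentheses are treated as ordinary characters, matching is unanchored, and the function names and sample principals are constructed for illustration.

```python
import re


def slapd_to_python(pattern: str) -> str:
    """Translate the regex.c tagged-group syntax into Python re syntax.

    Assumption: only the paren convention differs. \\( and \\) delimit a
    tagged group, while a bare ( or ) is an ordinary character.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            # \( and \) become real groups; other escapes pass through unchanged
            out.append(nxt if nxt in "()" else ch + nxt)
            i += 2
        else:
            # a bare paren must be escaped so Python treats it as a literal
            out.append("\\" + ch if ch in "()" else ch)
            i += 1
    return "".join(out)


def map_principal(regex_string: str, base_template: str, principal: str):
    """Return the mapped base DN, or None when the principal does not match."""
    compiled = re.compile(slapd_to_python(regex_string))
    m = compiled.search(principal)
    if m is None:
        return None

    def substitute(tag):
        index = int(tag.group(1))
        if index > compiled.groups:
            raise ValueError(f"template uses \\{index} but pattern has "
                             f"{compiled.groups} tagged group(s)")
        return m.group(index)

    # Replace \1..\9 in the template with the tagged matches
    return re.sub(r"\\([1-9])", substitute, base_template)


if __name__ == "__main__":
    # Constructed sample principals; the templates follow the forms in comment 2.
    cases = [
        (r"(.*)@(.*)", r"uid=\1,ou=People,dc=domain", "kostas@EXAMPLE.COM"),
        (r"[^/]+/\(.+\)", r"uid=\1,ou=hosts,dc=domain", "ldap/host.example.com"),
        (r"\([^/]+\)/admin", r"uid=\1,ou=Managers,dc=domain", "kostas/admin"),
    ]
    for regex_string, template, principal in cases:
        print(f"{regex_string!r:22} {principal!r:26} -> "
              f"{map_principal(regex_string, template, principal)}")
```

A `None` result here corresponds to a mapping entry that never applies to the principal, which is the symptom described in the original report.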
