
Re: Heimdal/OpenLDAP/Samba howto and bugreport



Christopher wrote:

>On Fri, 4 Jun 2004, Gémes Géza wrote:
>  
>
>>What if users are in multiple organizational units: ou=Teachers, 
>>ou=Students, etc..
>>I'm quite sceptical about the fact, that we could successfully implement 
>>hdb-ldap on this setup :-(
>>What could be important for the future (Samba4=ADServer) this will make 
>>it problematic, to have a separate ou=Hosts, ou=Computers, or 
>>cn=Computers container.
>>    
>>
>
>The sasl-regexp does a first match on multiple entries, so you would need some
>sort of distinguished method of naming principals - maybe put teachers into
>a separate realm, use host/<hostname> for computer containers, etc.
>
>sasl-regexp host/(.+),cn=GSSAPI,cn=auth
>	dc=$1,ou=Hosts,o=bf
>sasl-regexp uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth
>	uid=$1,ou=Teachers,o=bf
>...students, etc...
>sasl-regexp uid=(.+),cn=GSSAPI,cn=auth
>	uid=$1,ou=People,o=bf
>
>--
>Christopher Maxwell
>christopher@themanor.net
>
>  
>
Could it also be

sasl-regexp teachers/(.+),cn=GSSAPI,cn=auth
	dc=$1,ou=Teachers,dc=something


sasl-regexp students/(.+),cn=GSSAPI,cn=auth
	dc=$1,ou=Students,dc=something

? Or will it break some functionality (Cyrus SASL, OpenSSH Kerberos 
support, etc.)?

Thanks

Geza
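
The first-match ordering discussed in this thread, as an added example that is not part of the original messages and is not slapd's code. It is a simplified model that assumes unanchored, case-insensitive matching with the replacement string as the whole result; the sample authentication DNs are constructed, and the rule list combines the rules quoted by both posters.

```python
import re

# (pattern, replacement) pairs in the order given in the thread; most specific first.
RULES = [
    (r"host/(.+),cn=GSSAPI,cn=auth", "dc=$1,ou=Hosts,o=bf"),
    (r"uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth", "uid=$1,ou=Teachers,o=bf"),
    (r"teachers/(.+),cn=GSSAPI,cn=auth", "dc=$1,ou=Teachers,dc=something"),
    (r"students/(.+),cn=GSSAPI,cn=auth", "dc=$1,ou=Students,dc=something"),
    (r"uid=(.+),cn=GSSAPI,cn=auth", "uid=$1,ou=People,o=bf"),  # catch-all, must be last
]

# Same rules with the catch-all moved to the front (the misordering to avoid).
CATCH_ALL_FIRST = [RULES[-1]] + RULES[:-1]

# Constructed SASL authentication DNs (assumed form: uid=<principal>[,cn=<realm>],cn=gssapi,cn=auth).
SAMPLES = [
    "uid=host/pc12.example.org,cn=gssapi,cn=auth",
    "uid=alice,cn=staff.your.realm,cn=gssapi,cn=auth",
    "uid=teachers/bob,cn=gssapi,cn=auth",
    "uid=carol,cn=gssapi,cn=auth",
]


def map_authc_dn(dn, rules):
    """Return (rule_index, mapped_dn) for the first rule that matches, else (None, dn)."""
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, dn, re.IGNORECASE)  # assumption: unanchored, case-insensitive
        if match:
            # Substitute $1..$9 in the replacement with the captured groups.
            mapped = re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))), replacement)
            return index, mapped
    return None, dn


def compare_orderings(samples):
    """Return (dn, mapping with RULES, mapping with CATCH_ALL_FIRST) for each sample."""
    return [(dn, map_authc_dn(dn, RULES)[1], map_authc_dn(dn, CATCH_ALL_FIRST)[1])
            for dn in samples]


if __name__ == "__main__":
    for dn, good, bad in compare_orderings(SAMPLES):
        flag = "" if good == bad else "   <-- shadowed by catch-all"
        print(f"{dn}\n  specific-first : {good}\n  catch-all-first: {bad}{flag}")
```

With the catch-all first, the greedy `(.+)` also swallows the realm component, so realm-qualified and prefixed principals map to entries under ou=People that were never intended.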