Dieter Kluenter wrote:
Hi,
with OpenLDAP-2.3.11 it seems that sasl authentication with external
mechanism via ldapi is flawed.
No, it is correct in 2.3. It was wrong in 2.2.
,----
| [EMAIL PROTECTED]:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)
`----
Notice that when normalized on the server, the gidNumber comes before
the uidNumber.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
