HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

501

502

503

504

505

506

507

508

509

510

TIP:

SASL mappings can be added when an instance is created during a silent installation by specifying

the mappings in an LDIF file and adding the LDIF file with the ConfigFile directive. Using

silent installation is described in the HP-UX Directory Server installation guide.

13.1.2 Default SASL mappings for Directory Server

The Directory Server has pre-defined SASL mapping rules to handle some of the most common

usage.

Kerberos UID mapping This matches a Kerberos principal using a two part realm, such as

user@example.com. The realm is then used to define the search base, and the user ID (authid)

defines the filter. The search base is dc=example,dc=com and the filter of (uid=user).

dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config

objectClass: top

objectClass: nsSaslMapping

cn: Kerberos uid mapping

nsSaslMapRegexString: $.*$@$.*$\.$.*$

nsSaslMapBaseDNTemplate: dc=\2,dc=\3

nsSaslMapFilterTemplate: (uid=\1)

RFC 2829 DN syntax This mapping matches an authid that is a valid DN (defined in RFC

2829) prefixed by dn:. The authid maps directly to the specified DN.

dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config

objectClass: top

objectClass: nsSaslMapping

cn: rfc 2829 dn syntax

nsSaslMapRegexString: ^dn:$.*$

nsSaslMapBaseDNTemplate: \1

nsSaslMapFilterTemplate: (objectclass=*)

RFC 2829 U syntax This mapping matches an authid that is a UID prefixed by u:. The value

specified after the prefix defines a filter of (uid=value). The search base is hard-coded to be

the suffix of the default userRoot database.

dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config

objectClass: top

objectClass: nsSaslMapping

cn: rfc 2829 u syntax

nsSaslMapRegexString: ^u:$.*$

nsSaslMapBaseDNTemplate: dc=example, dc=com

nsSaslMapFilterTemplate: (uid=\1)

UID mapping This mapping matches an authid that is any plain string that does not match

the other default mapping rules. It use this value to define a filter of (uid=value). The search

base is hard-coded to be the suffix of the default userRoot database.

dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config

objectClass: top

objectClass: nsSaslMapping

cn: uid mapping

nsSaslMapRegexString: ^[^:@]+$

nsSaslMapBaseDNTemplate: dc=redbudcomputer, dc=local

nsSaslMapFilterTemplate: (uid=&)

504 Managing SASL