HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

TIP:
SASL mappings can be added when an instance is created during a silent installation by specifying
the mappings in an LDIF file and adding the LDIF file with the ConfigFile directive. Using silent
installation is described in the HP-UX Directory Server installation guide.
13.1.2 Default SASL mappings for Directory Server
The Directory Server has pre-defined SASL mapping rules to handle some of the most common
use cases.
Kerberos UID mapping
This mapping matches a Kerberos principal that uses a two-part realm, such as user@example.com. The
realm is then used to define the search base, and the user ID (authid) defines the filter. In this
example, the search base is dc=example,dc=com and the filter is (uid=user).
dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: Kerberos uid mapping
nsSaslMapRegexString: \(.*\)@\(.*\)\.\(.*\)
nsSaslMapBaseDNTemplate: dc=\2,dc=\3
nsSaslMapFilterTemplate: (uid=\1)
RFC 2829 DN syntax
This mapping matches an authid that is a valid DN (defined in RFC 2829) prefixed by dn:. The
authid maps directly to the specified DN.
dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: rfc 2829 dn syntax
nsSaslMapRegexString: ^dn:\(.*\)
nsSaslMapBaseDNTemplate: \1
nsSaslMapFilterTemplate: (objectclass=*)
RFC 2829 U syntax
This mapping matches an authid that is a UID prefixed by u:. The value specified after the prefix
defines a filter of (uid=value). The search base is hard-coded to be the suffix of the default
userRoot database.
dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: rfc 2829 u syntax
nsSaslMapRegexString: ^u:\(.*\)
nsSaslMapBaseDNTemplate: dc=example, dc=com
nsSaslMapFilterTemplate: (uid=\1)
UID mapping
This mapping matches an authid that is any plain string that does not match the other default
mapping rules. It uses this value to define a filter of (uid=value). The search base is hard-coded
to be the suffix of the default userRoot database.
dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: uid mapping
nsSaslMapRegexString: ^[^:@]+$
nsSaslMapBaseDNTemplate: dc=redbudcomputer, dc=local
nsSaslMapFilterTemplate: (uid=&)
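
The following Python sketch is an added example, not code from this guide or from the Directory Server. It applies the four default mappings above to constructed authids and returns the search base and filter each one produces, which is a quick way to check what a mapping will search before deploying it. It assumes rules are tried in the order listed with the first match winning, and it shows that the Kerberos rule, written for a two-part realm, turns a three-part realm into the search base dc=corp.example,dc=com.

```python
import re

# The four default mappings from this section: (cn, regex, base template, filter template).
DEFAULT_MAPPINGS = [
    ("Kerberos uid mapping", r"\(.*\)@\(.*\)\.\(.*\)", r"dc=\2,dc=\3", r"(uid=\1)"),
    ("rfc 2829 dn syntax", r"^dn:\(.*\)", r"\1", "(objectclass=*)"),
    ("rfc 2829 u syntax", r"^u:\(.*\)", "dc=example, dc=com", r"(uid=\1)"),
    ("uid mapping", r"^[^:@]+$", "dc=redbudcomputer, dc=local", "(uid=&)"),
]

# Constructed sample authids: one per rule, plus a three-part Kerberos realm.
SAMPLE_AUTHIDS = [
    "user@example.com",
    "user@corp.example.com",
    "dn:uid=user,dc=example,dc=com",
    "u:jsmith",
    "jsmith",
]

def to_python_regex(ds_regex):
    # Convert the \( \) grouping used in nsSaslMapRegexString to Python's ( ).
    return ds_regex.replace(r"\(", "(").replace(r"\)", ")")

def expand(template, match):
    # Substitute \1..\9 with capture groups and & with the whole matched string.
    def repl(m):
        return match.group(0) if m.group(0) == "&" else match.group(int(m.group(1)))
    return re.sub(r"\\([1-9])|&", repl, template)

def map_authid(authid, mappings=DEFAULT_MAPPINGS):
    # Return (rule cn, search base, filter) for the first matching rule, else None.
    # Assumption: rules are tried in the order listed and the first match wins.
    for cn, regex, base_tpl, filter_tpl in mappings:
        m = re.search(to_python_regex(regex), authid)
        if m:
            return cn, expand(base_tpl, m), expand(filter_tpl, m)
    return None

if __name__ == "__main__":
    for authid in SAMPLE_AUTHIDS:
        print(f"{authid!r:36} -> {map_authid(authid)}")
```

A principal whose realm has more than two components needs its own mapping entry with a regular expression and base DN template that match the real suffix; otherwise the search runs against a base DN that does not exist.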