Instructions for the proper formatting of SASL / GSSAPI identity mapping rules in the ODSEE. (Doc ID 1363262.1)

Last updated on OCTOBER 11, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.5.0 and later
Oracle Solaris on SPARC (32-bit)
Linux x86
Oracle Solaris on x86 (32-bit)
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86-64 (64-bit)
x86 64 bit (for Enterprise Linux only)
Linux x86-64
x86 32 bit (for Enterprise Linux only)
***Checked for relevance on 24-APR-2013***
This document will be valid as long as customers are using ODSEE 11x releases.

Goal

When creating identity mapping rules to configure SASL authentication for the GSSAPI and DIGEST-MD5 mechanisms, the setup can fail because of bug DS 12654448 or because of misconfiguration. How should ODSEE be configured to properly handle client requests, including those from Linux clients that present credentials based on section 5.2.1.8 of RFC 4513?

Notation that follows this section of the RFC appears to fail if u: or dn: is included in the submitted mapping, and experimenting with the configuration directives fails as well. How can we properly configure ODSEE for SASL / GSSAPI authentication against a Kerberos provider, with support for the u: and dn: notation presented by our custom and OpenLDAP-based clients?


Solution
