From 072fc101158d30fa8d0481db80116bfedb0f2b15 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 22 Jul 2006 23:22:20 +0000
Subject: [PATCH] Update the GSSAPI SASL mechanism handler to use the identity mapper API in to resolve the Kerberos principal to the corresponding directory user, rather than a fixed exact-search mechanism.  This is more flexible and more consistent with the implementation of the other SASL mechanisms.

---
 opendj-sdk/opends/resource/schema/02-config.ldif |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/opendj-sdk/opends/resource/schema/02-config.ldif b/opendj-sdk/opends/resource/schema/02-config.ldif
index 00eb5a9..31dc2cb 100644
--- a/opendj-sdk/opends/resource/schema/02-config.ldif
+++ b/opendj-sdk/opends/resource/schema/02-config.ldif
@@ -1157,9 +1157,9 @@
   MAY ds-cfg-realm X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.48
   NAME 'ds-cfg-gssapi-sasl-mechanism-handler'
-  SUP ds-cfg-sasl-mechanism-handler MAY ( ds-cfg-user-name-attribute $
-  ds-cfg-user-base-dn $ ds-cfg-realm $ ds-cfg-kdc-address $
-  ds-cfg-keytab $ ds-cfg-server-fqdn ) X-ORIGIN 'OpenDS Directory Server' )
+  SUP ds-cfg-sasl-mechanism-handler MAY ( ds-cfg-identity-mapper-dn $
+  ds-cfg-realm $ ds-cfg-kdc-address $ ds-cfg-keytab $ ds-cfg-server-fqdn )
+  X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.49 NAME 'ds-task' SUP top
   STRUCTURAL MUST ( ds-task-class-name $ ds-task-id ) MAY ( ds-task-state $
   ds-task-scheduled-start-time $ ds-task-actual-start-time $

--
Gitblit v1.10.0