Configuring Sasl Identity Mapping From The Command-Line; Configuring Kerberos; Table 11-1 Supported Kerberos Systems - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Open the "Configuration" tab.
2.
Select the "SASL Mapping" tab.
3.
Select the "Add" button, and fill in the required values.
4.
Before you can modify a SASL identity, you must have saved that identity. Then
you can click on the "Modify" button, and a text box appears with the current
values. Change the values you want, and then close, and hit "Save." To delete a
SASL identity, highlight it, and hit the "Delete" button.
Configuring SASL Identity Mapping from the
Command-Line
To configure SASL identity mapping from the command-line, use the
utility to configure an identity mapping scheme, such as the following:
ldapmodify -a -p 389 -h localhost -D "cn=directory manager" -w
password33
dn: cn=mymap2,cn=mapping,cn=sasl,cn=config
objectclass: top
objectclass: nsSaslMapping
cn: mymap2
nsSaslMapRegexString: .*
nsSaslMapBaseDNTemplate: ou=People,dc=example,dc=com
nsSaslMapFilterTemplate: (cn=&)
This will match any user ID and map to the result of the the subtree search with
base
ou=People,dc=example,dc=com

Configuring Kerberos

Kerberos v5 must be deployed on your system to utilize the GSS-API mechanism
for SASL authentication. Table 11-1 summarizes the Kerberos applications
supported by various platforms. GSS-API must be enabled as a SASL mechanism
in the Directory Server to take advantage of Kerberos services.
Table 11-1 Supported Kerberos Systems
Linux
HP-UX 11i
Sun Solaris
and filter
MIT Kerberos version 5
HP Kerberos version 2.1
SEAM 1.0.1
.
cn=userId
Chapter 11 Managing SSL and SASL
Introduction to SASL
ldapmodify
443