diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | perl/Wallet/Config.pm | 4 |
2 files changed, 6 insertions, 2 deletions
@@ -5,6 +5,10 @@ wallet 1.1 (unreleased) Fix the code to set enctype restrictions for keytab objects in the wallet server. + Fix the Wallet::Config documentation for the ldap-attr verifier to + reference an ldap_map_principal hook, not ldap_map_attribute, matching + the implementation. + wallet 1.0 (2013-03-27) Owners of wallet objects are now allowed to destroy them. In previous diff --git a/perl/Wallet/Config.pm b/perl/Wallet/Config.pm index af153e7..c3f6d15 100644 --- a/perl/Wallet/Config.pm +++ b/perl/Wallet/Config.pm @@ -511,7 +511,7 @@ matches the Kerberos principal. The attribute designated by LDAP_FILTER_ATTR may instead hold a transformation of the principal name (such as the principal with the local realm stripped off, or rewritten into an LDAP DN form). If this is the case, define a Perl function named -ldap_map_attribute. This function will be called whenever an LDAP +ldap_map_principal. This function will be called whenever an LDAP attribute ACL is being verified. It will take one argument, the principal, and is expected to return the value to search for in the LDAP directory server. @@ -520,7 +520,7 @@ For example, if the principal name without the local realm is stored in the C<uid> attribute in the directory, set LDAP_FILTER_ATTR to C<uid> and then define ldap_map_attribute as follows: - sub ldap_map_attribute { + sub ldap_map_principal { my ($principal) = @_; $principal =~ s/\@EXAMPLE\.COM$//; return $principal; |