<HTML>
<HEAD>
<TITLE>SASL mapping question</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Dear All,<BR>
<BR>
I have few questions related to SASL mapping in 389-ds. I am using Windows AD as kerberos server and here’s the tree in both 389-ds and AD.<BR>
<BR>
In Active Directory:<BR>
Users are located in different OU’s like FullTime, PartTime, Contractors etc.<BR>
example:<I> ou=FullTime, OU=Users, OU=CompanyName,DC=<B>ADDomain</B>,DC=com<BR>
</I><BR>
In 389-DS<BR>
Users are located only in one OU <BR>
example: <I>ou=People,DC=<B>ldapdomain</B>,DC=com<BR>
</I><BR>
<<<<<<<<Questions>>>>>>><BR>
<BR>
1. Is my SASL mapping correct?<BR>
nsSaslMapRegexString: \(.*\)@ldapdomain.com<BR>
nsSaslFilterTemplate: (objectclass=user)<BR>
nsSaslBaseDNTemplate: sAMAccountName=\1,ou=Users,ou=CompanyName,dc=ADDomain,dc=com<BR>
<BR>
2. Since users are in sub-ou in ADDomain, do I have to create separate SASL mapping for each out? If, so then how will the 389-ds know if the user is in PartTime OU and not in FullTime OU.<BR>
<BR>
3. How many SASL mapping should I have? By default I see 4 listed, should I remove all others? I have read the RFCs which correspond but not sure why I need them.<BR>
<BR>
Thanks,<BR>
Prashanth </SPAN></FONT>
</BODY>
</HTML>