author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-09 23:26:26 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-09 23:26:26 +0200 |
commit | 0bed9611730fc434dd55175bc947dc09fc430710 (patch) | |
tree | 0f9dfd3e77f56ffc2ce1a1df413cd8b2fa8034c6 /ldap/authz.ldif | |
parent | 09ca4fea45f2548d429a59a742593ebb5ebcbfab (diff) |
SASL proxy authorization.
Diffstat (limited to 'ldap/authz.ldif')
-rw-r--r-- | ldap/authz.ldif | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
new file mode 100644
index 0000000..8f88d80
--- /dev/null
+++ b/ldap/authz.ldif
@@ -0,0 +1,24 @@
+# Load this file with
+#
+# ldapadd -Y EXTERNAL -H ldapi:/// -f authz.ldif
+#
+# That will allow the SASL-authenticated user (service) to be
+# reformatted into a proper DN under our services directory.
+#
+# SASL authentication can be checked with:
+#
+# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi://
+# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+#
+# References:
+# - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping
+# - man 5 slapd-config
+
+
+dn: cn=config
+changetype: modify
+replace: olcAuthzRegexp
+olcAuthzRegexp: uid=([^,]+),cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
+-
+replace: olcAuthzPolicy
+olcAuthzPolicy: to |
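Review bot: `olcAuthzPolicy: to` on the last line makes slapd honour the `authzTo` values stored in the authenticating entry, so whoever can write `authzTo` on an entry under `ou=services` decides which identities that service may assume, and nothing in this file says the attribute is write-protected. The header comment should state that dependency, for example `# Requires an ACL that lets only administrators write authzTo under ou=services,o=mailHosting,dc=fripost,dc=dev.` Two smaller points: `cn=[^,]+` in `olcAuthzRegexp` accepts any SASL mechanism although the comments only exercise PLAIN, so it could probably be narrowed to the mechanisms actually enabled, and `replace:` discards any `olcAuthzRegexp` values already present on `cn=config`, which deserves a comment if that is intended.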