author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-26 02:36:45 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-26 02:36:45 +0200 |
commit | 6689ea9829fd2957ff1c1589b0731eedb5fc8817 (patch) | |
tree | a882337de4b2024f72c94b45c3c561b08fc30bb4 /ldap/authz.ldif | |
parent | 4239920246a5123644fd7a778b467aa371f990e6 (diff) |
Updated the LDAP schema to suit the list creation script, and the acl to suit the SASL authentication.
Diffstat (limited to 'ldap/authz.ldif')
-rw-r--r-- | ldap/authz.ldif | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
index 657d718..34a02df 100644
--- a/ldap/authz.ldif
+++ b/ldap/authz.ldif
@@ -7,8 +7,11 @@
 #
 # SASL authentication can be checked with:
 #
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi://
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+# ldapwhoami -U 'AdminWebPanel'
+# ldapwhoami -U 'AdminWebPanel' -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+#
+# Note: The user making the LDAP query needs to have a valid kerberos
+# ticket for the principal AdminWebPanel/fripost.org.
 #
 # WARNING: Beware that will also delete existing AuthzRegexp and
 # AuthzPolicy.
@@ -22,8 +25,7 @@
 dn: cn=config
 changetype: modify
 replace: olcAuthzRegexp
-# TODO: force the mechanism here (GSSAPI)
-olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
+olcAuthzRegexp: uid=(AdminWebPanel),cn=GSSAPI,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
 -
 replace: olcAuthzPolicy
 olcAuthzPolicy: to |
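Review bot: The two example commands in the header comment no longer pin a SASL mechanism, so ldapwhoami will use whichever mechanism gets negotiated, while the mapping changed in the second hunk only matches `cn=GSSAPI,cn=auth`. A check run this way can pass or fail for reasons unrelated to the mapping; I would write `# ldapwhoami -Y GSSAPI -U 'AdminWebPanel'` and add the same `-Y GSSAPI` to the `-X` variant. The added note names the principal `AdminWebPanel/fripost.org`, which does not obviously yield the authentication identity `uid=AdminWebPanel` that the regexp expects, so the comment should state the exact principal and realm that is meant to match.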
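Review bot: The new match pattern `uid=(AdminWebPanel),cn=GSSAPI,cn=auth` has no `^`/`$` anchors, so if slapd applies it as a substring search, any SASL authentication DN that merely contains that text would be rewritten to the service entry. With `olcAuthzPolicy: to` set just below, that entry may carry proxy-authorization rights through its authzTo attribute. Anchoring costs nothing: `olcAuthzRegexp: ^uid=(AdminWebPanel),cn=GSSAPI,cn=auth$ cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev`. The pattern also has no realm component, so it presumably covers only principals from the server's default realm; a comment above the attribute such as `# GSSAPI only, default realm; maps to the AdminWebPanel service entry` would record that now that the TODO is gone.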