authorGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-26 02:36:45 +0200
committerGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-26 02:36:45 +0200
commit6689ea9829fd2957ff1c1589b0731eedb5fc8817 (patch)
treea882337de4b2024f72c94b45c3c561b08fc30bb4 /ldap/authz.ldif
parent4239920246a5123644fd7a778b467aa371f990e6 (diff)
Updated the LDAP schema to suit the list creation script, and the acl to suit the SASL authentication.
Diffstat (limited to 'ldap/authz.ldif')
-rw-r--r--ldap/authz.ldif10
1 files changed, 6 insertions, 4 deletions
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
index 657d718..34a02df 100644
--- a/ldap/authz.ldif
+++ b/ldap/authz.ldif
@@ -7,8 +7,11 @@
#
# SASL authentication can be checked with:
#
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi://
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+# ldapwhoami -U 'AdminWebPanel'
+# ldapwhoami -U 'AdminWebPanel' -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+#
+# Note: The user making the LDAP query needs to have a valid kerberos
+# ticket for the principal AdminWebPanel/fripost.org.
#
# WARNING: Beware that will also delete existing AuthzRegexp and
# AuthzPolicy.
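Review bot: The updated verification commands in this comment no longer name a SASL mechanism, so `ldapwhoami -U 'AdminWebPanel'` uses whatever mechanism the client and server negotiate. The rule changed later in this commit matches only `cn=GSSAPI`, so a check run over another mechanism could fail or succeed for reasons unrelated to this mapping. I would pin it in the example, `# ldapwhoami -Y GSSAPI -U 'AdminWebPanel'`, and do the same for the `-X` variant. The comment block continues outside the hunk on both sides.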
@@ -22,8 +25,7 @@
dn: cn=config
changetype: modify
replace: olcAuthzRegexp
-# TODO: force the mechanism here (GSSAPI)
-olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
+olcAuthzRegexp: uid=(AdminWebPanel),cn=GSSAPI,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
-
replace: olcAuthzPolicy
olcAuthzPolicy: to
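Review bot: The new `olcAuthzRegexp` pattern is not anchored, and as far as I know slapd applies these patterns as an unanchored match, so the rule depends on the shape of the SASL DN rather than on the pattern itself to exclude other identities. Anchoring is cheap: `olcAuthzRegexp: ^uid=(AdminWebPanel),cn=GSSAPI,cn=auth$ cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev`. The note added in the first hunk names the principal AdminWebPanel/fripost.org; if the instance part appears in the SASL uid, this pattern would not match it, so it is worth comparing against the pre-mapping DN that slapd logs for the bind. Because `olcAuthzPolicy: to` enables proxy authorization for the mapped entry, a one-line comment above the rule stating which principal and realm it is meant to cover would help later reviews.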