authorGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-15 19:24:24 +0200
committerGuilhem Moulin <guilhem.moulin@fripost.org>2012-09-15 19:24:24 +0200
commit695e6662e46545d08213d3eec0c4f9956333a28e (patch)
treedd7bfb8e5d44932ad51e5f525fa018c8e4866806 /ldap/authz.ldif
parentcb9479f3ecd194e70f75422cd2f1511e0d772058 (diff)
SMTP service.
Diffstat (limited to 'ldap/authz.ldif')
-rw-r--r--ldap/authz.ldif13
1 files changed, 9 insertions, 4 deletions
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
index 8f88d80..657d718 100644
--- a/ldap/authz.ldif
+++ b/ldap/authz.ldif
@@ -1,14 +1,18 @@
# Load this file with
#
-# ldapadd -Y EXTERNAL -H ldapi:/// -f authz.ldif
+# ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif
#
# That will allow the SASL-authenticated user (service) to be
# reformatted into a proper DN under our services directory.
#
# SASL authentication can be checked with:
#
-# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi://
-# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi://
+# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+#
+# WARNING: Beware that will also delete existing AuthzRegexp and
+# AuthzPolicy.
+# Note: you may have to restart slapd to flush the cache.
#
# References:
# - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping
@@ -18,7 +22,8 @@
dn: cn=config
changetype: modify
replace: olcAuthzRegexp
-olcAuthzRegexp: uid=([^,]+),cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
+# TODO: force the mechanism here (GSSAPI)
+olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
-
replace: olcAuthzPolicy
olcAuthzPolicy: to
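Review bot: The new `olcAuthzRegexp` value still ends in `cn=[^,]+,cn=auth`, so the mapping to `cn=AdminWebPanel,ou=services,...` applies to any SASL mechanism slapd accepts, including the PLAIN bind used in the header's `ldapwhoami` examples. The added TODO acknowledges this but leaves it open. If GSSAPI is the intended mechanism, replace the wildcard with the literal component, e.g. `uid=(AdminWebPanel)@fripost\.org,cn=gssapi,cn=auth`, and update the documented check to use the same mechanism. Because `olcAuthzPolicy` is `to`, the mapped service entry's `authzTo` values presumably decide which identities it may assume via `-X`, so the strength of the mechanism that reaches this mapping bounds the proxy-authorization path as well. Which mechanisms are enabled is not visible in this file, so confirm against the slapd SASL configuration.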