Diffstat (limited to 'ldap/authz.ldif')
-rw-r--r-- | ldap/authz.ldif | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ldap/authz.ldif b/ldap/authz.ldif
index 657d718..34a02df 100644
--- a/ldap/authz.ldif
+++ b/ldap/authz.ldif
@@ -7,8 +7,11 @@
 #
 # SASL authentication can be checked with:
 #
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi://
-# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+# ldapwhoami -U 'AdminWebPanel'
+# ldapwhoami -U 'AdminWebPanel' -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+#
+# Note: The user making the LDAP query needs to have a valid kerberos
+# ticket for the principal AdminWebPanel/fripost.org.
 #
 # WARNING: Beware that will also delete existing AuthzRegexp and
 # AuthzPolicy.
@@ -22,8 +25,7 @@
 dn: cn=config
 changetype: modify
 replace: olcAuthzRegexp
-# TODO: force the mechanism here (GSSAPI)
-olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
+olcAuthzRegexp: uid=(AdminWebPanel),cn=GSSAPI,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
 -
 replace: olcAuthzPolicy
 olcAuthzPolicy: to |
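Review bot: The rewritten `ldapwhoami` examples in the header comment no longer name a SASL mechanism, so the check now depends on whatever the client's defaults negotiate. Since the regexp in this commit only accepts binds under `cn=GSSAPI,cn=auth`, I would spell the examples as `# ldapwhoami -Y GSSAPI -U 'AdminWebPanel'` (and likewise for the `-X` variant), so a fallback to another mechanism is not mistaken for a broken mapping. The added note could also say what a successful check prints, for example that the returned DN should be the `cn=AdminWebPanel,ou=services,...` entry.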
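Review bot: The new `olcAuthzRegexp` pattern expects `uid=AdminWebPanel` directly under `cn=GSSAPI,cn=auth`, but the comment added in the first hunk names the principal as AdminWebPanel/fripost.org. The OpenLDAP admin guide gives the GSSAPI request DN as `uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth`, so a principal with an instance or an explicit realm component may not match this rule at all; confirm the DN slapd actually produces and make the pattern and the comment agree. The pattern is also written without anchors, and I cannot tell from the hunk whether slapd anchors it implicitly, so `^uid=(AdminWebPanel),cn=GSSAPI,cn=auth$` would make the exact-match intent explicit. Because the examples use `-X` with this identity under `olcAuthzPolicy: to`, a one-line comment above the rule stating which mechanism and realm are accepted would replace the removed TODO usefully.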