From 695e6662e46545d08213d3eec0c4f9956333a28e Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 15 Sep 2012 19:24:24 +0200 Subject: SMTP service. --- ldap/authz.ldif | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'ldap/authz.ldif') diff --git a/ldap/authz.ldif b/ldap/authz.ldif index 8f88d80..657d718 100644 --- a/ldap/authz.ldif +++ b/ldap/authz.ldif @@ -1,14 +1,18 @@ # Load this file with # -# ldapadd -Y EXTERNAL -H ldapi:/// -f authz.ldif +# ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif # # That will allow the SASL-authenticated user (service) to be # reformatted into a proper DN under our services directory. # # SASL authentication can be checked with: # -# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi:// -# ldapwhoami -W -Y PLAIN -U FPanel -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev" +# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// +# ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev" +# +# WARNING: Beware that will also delete existing AuthzRegexp and +# AuthzPolicy. +# Note: you may have to restart slapd to flush the cache. # # References: # - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping @@ -18,7 +22,8 @@ dn: cn=config changetype: modify replace: olcAuthzRegexp -olcAuthzRegexp: uid=([^,]+),cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev +# TODO: force the mechanism here (GSSAPI) +olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev - replace: olcAuthzPolicy olcAuthzPolicy: to -- cgit v1.2.3