# SASL identity mapping and proxy-authorization policy for slapd (cn=config).
#
# Load this file with
#
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif
#
# That will allow the SASL-authenticated user (service) to be
# reformatted into a proper DN under our services directory: the SASL
# DN uid=AdminWebPanel,cn=GSSAPI,cn=auth is rewritten to
# cn=AdminWebPanel,ou=services,o=mailHosting,dc=fripost,dc=dev
# ($1 is the text captured by the parenthesised group).
#
# SASL authentication can be checked with the first command below; the
# second one additionally requests authorization (-X) as a virtual
# user, which exercises the AuthzPolicy set at the end of this file:
#
#   ldapwhoami -U 'AdminWebPanel'
#   ldapwhoami -U 'AdminWebPanel' -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
#
# Note: The user making the LDAP query needs to have a valid Kerberos
# ticket for the principal AdminWebPanel/fripost.org.
#
# WARNING: Both changes below use "replace", so loading this file
# deletes every existing olcAuthzRegexp and olcAuthzPolicy value and
# leaves only the ones given here. Export the current values first if
# other mappings must be kept.
# Note: you may have to restart slapd to flush the cache.
#
# Security notes:
# - olcAuthzPolicy "to" makes slapd consult the authzTo attribute of
#   the authenticated entry to decide which identities it may assume.
#   Write access to authzTo must therefore be restricted by ACL to
#   privileged administrators; an entry able to edit its own authzTo
#   could grant itself authorization as other users.
# - The service entry's authzTo value is not part of this file; keep
#   it as narrow as the web panel needs.
# - NOTE(review): the match pattern carries no ^...$ anchors. Confirm
#   in slapd-config(5) whether the pattern is anchored implicitly; if
#   not, anchor it so that only this exact SASL DN is mapped.
#
# References:
# - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping
# - man 5 slapd-config

dn: cn=config
changetype: modify
replace: olcAuthzRegexp
olcAuthzRegexp: uid=(AdminWebPanel),cn=GSSAPI,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
-
replace: olcAuthzPolicy
olcAuthzPolicy: to