path: root/ldap/authz.ldif
blob: 657d7187ae140977943523229cdfbe05393abde9 (plain)
# Load this file with
#
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif
#
# That will allow the SASL authentication identity of the user (service)
# to be mapped to a proper DN under our services directory.
# 
# SASL authentication can be checked with:
#
#   ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi://
#   ldapwhoami -W -Y PLAIN -U AdminWebPanel@fripost.org -H ldapi:// -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
#
# WARNING: Beware that this will also delete any existing AuthzRegexp and
# AuthzPolicy values.
# Note: you may have to restart slapd to flush the cache.
#
# References:
# - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping
# - man 5 slapd-config


# Modify the cn=config entry. Both "replace" operations below overwrite
# every existing value of the attribute they name.
dn: cn=config
changetype: modify
replace: olcAuthzRegexp
# Map the SASL authentication DN of the AdminWebPanel@fripost.org user to
# cn=AdminWebPanel under ou=services ($1 is the captured group).
# TODO: force the mechanism here (GSSAPI). As written, cn=[^,]+ accepts any
# value in the mechanism component, so the mapping applies whichever SASL
# mechanism the client authenticated with (the checks above use PLAIN).
# NOTE(review): the pattern carries no ^/$ anchors -- confirm how slapd
# matches it, and anchor it if partial matches are possible.
olcAuthzRegexp: uid=(AdminWebPanel)@fripost\.org,cn=[^,]+,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
-
replace: olcAuthzPolicy
# "to": proxy authorization (the -X case above) is decided by the authzTo
# rules stored in the authenticated identity's own entry; see
# slapd-config(5).
# NOTE(review): whoever can write authzTo on an entry chooses which
# identities that entry may assume -- confirm the ACLs restrict writes to
# authzTo to privileged identities only.
olcAuthzPolicy: to