# Load this file with
#
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif
#
# This maps the SASL-authenticated user (service) to a proper DN under
# our services directory.
# 
# SASL authentication can be checked with:
#
#   ldapwhoami -U 'AdminWebPanel'
#   ldapwhoami -U 'AdminWebPanel' -X "dn:fvu=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev"
# 
# Note: The user making the LDAP query needs to have a valid Kerberos
# ticket for the principal AdminWebPanel/fripost.org.
#
# WARNING: Beware that this will also delete any existing olcAuthzRegexp
# and olcAuthzPolicy values.
# Note: you may have to restart slapd to flush the cache.
#
# References:
# - http://www.openldap.org/doc/admin24/sasl.html#Direct%20Mapping
# - man 5 slapd-config


# Single modify operation on the global configuration entry (cn=config).
# Both changes use "replace", so every value previously stored in
# olcAuthzRegexp and olcAuthzPolicy is discarded, not merged.
#
# olcAuthzRegexp: the match pattern accepts exactly one SASL identity,
# uid=AdminWebPanel authenticated through GSSAPI. The capture group holds
# a literal, so $1 always expands to "AdminWebPanel" and the resulting DN
# is cn=AdminWebPanel,ou=services,o=mailHosting,dc=fripost,dc=dev.
# The pattern has no cn=<realm> component.
# NOTE(review): presumably the principal is in the server's default
# realm, where slapd omits that component. Confirm against the deployment.
#
# olcAuthzPolicy "to": per slapd-config(5), proxy authorization (the -X
# authzid case) is decided by the authzTo values stored in the entry of
# the authenticated identity, here the mapped service entry.
# NOTE(review): authzTo is not set by this file. Check that ACLs restrict
# write access to authzTo to administrators, since whoever can write it on
# the service entry controls which identities the service may assume.
dn: cn=config
changetype: modify
replace: olcAuthzRegexp
olcAuthzRegexp: uid=(AdminWebPanel),cn=GSSAPI,cn=auth cn=$1,ou=services,o=mailHosting,dc=fripost,dc=dev
-
replace: olcAuthzPolicy
olcAuthzPolicy: to