From 89958abf4bc85a4e376cc68d98a721604af1ea77 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Fri, 29 Nov 2013 22:41:56 +0100
Subject: Allow flexible ACLs for SASL's EXTERNAL mechanism.

"username=postfix,cn=peercred,cn=external,cn=auth" is replaced by "gidNumber=106+uidNumber=102,cn=peercred,cn=external,cn=auth" where 102 is postfix's UID and 106 its primary GID (looked up from /etc/passwd).
---
roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'roles')
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index 19fcdd0..1970a99 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -111,14 +111,14 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org"
 olcAccess: to dn.exact="ou=virtual,o=mailHosting,dc=fripost,dc=org"
 attrs=entry
 by dn.exact="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=org" =s
- by dn.exact="gidNumber=8+uidNumber=8,cn=peercred,cn=external,cn=auth" =s
+ by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth" =s
 by users =0 break
 #
 # Search domain owners / postmasters
 olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org"
 attrs=entry,objectClass,fvd,fvl,fripostPostmaster,fripostOwner
 filter=(&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(!(fripostIsStatusActive=FALSE)))
- by dn.exact="gidNumber=8+uidNumber=8,cn=peercred,cn=external,cn=auth" =rsd
+ by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth" =rsd
 by users =0 break
 #
 # Anonymous can authenticate into the services. (But not read or write the password.)
--
cgit v1.2.3
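Review bot: The two added `by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth"` clauses use a DN that slapd never assigns to an ldapi:// peer, since EXTERNAL binds over the socket are identified as `gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth`. The template therefore depends entirely on the rewrite step described in the commit message, which is not part of this patch. If that step is skipped or the passwd lookup finds no such user, the literal placeholder is loaded and the clause silently never matches. As far as these two rules go that fails closed, but the rewrite should abort on a failed lookup rather than load the ACL unchanged. I would also add a comment above the first of the two rules, e.g. `# username=<name>,cn=peercred,... is a deploy-time placeholder, rewritten to gidNumber=<gid>+uidNumber=<uid>,... from /etc/passwd`, so nobody takes it for a working ACL or hand-edits it back to fixed numbers.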