
authzTo

Hi!

A user ck with
#
dn: employeeid=3,ou=here,ou=humans,o=foo
[..]
uid: ck
#
should be used as Cyrus IMAP user by ldapdb.
I have an entry
#
dn: cn=human,ou=mgr,o=foo
#
with
#
[...]
authzTo: ldap:///ou=humans,o=foo??sub?(uid=*)

I added
#
sasl_ldapdb_id: cn=human,ou=mgr,o=foo
#
to imapd.conf and
#
authz-policy to
authz-regexp uid=.*,cn=auth
	cn=human,ou=mgr,o=foo
authz-regexp cn=human,ou=mgr,o=foo
	dn.subtree=cn=.*,ou=here,ou=humans,o=foo
#
to my slapd.conf.

ACL for ou=humans,o=foo is
#
access to dn.subtree=ou=humans,o=foo
	by anonymous auth
	by users read
access to dn.subtree=ou=humans,o=foo attrs=userpassword
	by self write

It does not work. User ck is not authenticated in LDAP; I can't even find an attempt.
There is a BIND with DN "" at first. Then a switch to cn=human,ou=mgr,o=foo (authcid=authzid="cn=human,ou=mgr,o=foo") and a search for the uid as defined in the authzTo attribute.
It ends up with
"not authorized to assume identity".

Hans
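As an added illustration (not part of Hans's post and not OpenLDAP's own code) of what an authzTo URL such as the one above actually grants: the target DN must lie within the URL's base and scope, and the target entry must match the URL's filter. The script below models that check offline, using a constructed entry for ck, plain-string DN comparison, and only the presence and equality filter forms; in slapd the check is an internal search, so the narrower the base, scope and filter, the fewer identities the proxy entry can assume.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample entry for uid=ck (attribute names lower-cased); not real directory data.
CK_ENTRY = {"employeeid": ["3"], "uid": ["ck"], "objectclass": ["inetOrgPerson"]}

def normalize_dn(dn):
    """Simplified DN normalization: lower-case and strip blanks around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_authz_url(url):
    """Split an authzTo LDAP URL into (base DN, scope, filter); defaults follow RFC 4516."""
    parts = urlsplit(url)
    base = normalize_dn(unquote(parts.path.lstrip("/")))
    fields = unquote(parts.query).split("?")  # attrs?scope?filter
    scope = fields[1] if len(fields) > 1 and fields[1] else "base"
    filt = fields[2] if len(fields) > 2 and fields[2] else "(objectClass=*)"
    return base, scope.lower(), filt

def in_scope(dn, base, scope):
    """True if dn lies within base for the given search scope (base, one, sub)."""
    dn = normalize_dn(dn)
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn.endswith("," + base) and "," not in dn[: -len(base) - 1]
    return dn == base or dn.endswith("," + base)

def matches_filter(entry, filt):
    """Evaluate the filter subset authzTo URLs usually carry: (attr=*) and (attr=value)."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
    if not m:
        raise ValueError("unsupported filter: " + filt)
    attr, value = m.group(1).lower(), m.group(2)
    values = [v.lower() for v in entry.get(attr, [])]
    return bool(values) if value == "*" else value.lower() in values

def may_assume(authz_to, target_dn, target_entry):
    """Would this authzTo value let its owner assume target_dn? Scope and filter must both hold."""
    base, scope, filt = parse_authz_url(authz_to)
    return in_scope(target_dn, base, scope) and matches_filter(target_entry, filt)

if __name__ == "__main__":
    url = "ldap:///ou=humans,o=foo??sub?(uid=*)"
    print(may_assume(url, "employeeid=3,ou=here,ou=humans,o=foo", CK_ENTRY))  # True
    print(may_assume(url, "cn=human,ou=mgr,o=foo", {"cn": ["human"]}))       # False
```

Because the post's URL covers the whole ou=humans subtree with (uid=*), every entry under it that carries a uid is assumable; a one-level scope or a filter on a specific attribute value limits that set.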