authzTo [checked for viruses]
Hi!
A user ck with
#
dn: employeeid=3,ou=here,ou=humans,o=foo
[..]
uid: ck
#
should be used as Cyrus IMAP user by ldapdb.
I have an entry
#
dn: cn=human,ou=mgr,o=foo
#
with
#
[...]
authzTo: ldap:///ou=humans,o=foo??sub?(uid=*)
I added
#
sasl_ldapdb_id: cn=human,ou=mgr,o=foo
#
to imapd.conf and
#
authz-policy to
authz-regexp uid=.*,cn=auth
    cn=human,ou=mgr,o=foo
authz-regexp cn=human,ou=mgr,o=foo
    dn.subtree=cn=.*,ou=here,ou=humans,o=foo
#
to my slapd.conf.
ACL for ou=humans,o=foo is
#
access to dn.subtree=ou=humans,o=foo
    by anonymous auth
    by users read
access to dn.subtree=ou=humans,o=foo attrs=userpassword
    by self write
It does not work. User ck is not authenticated in ldap, I can't even
find an attempt.
There is a BIND with DN: "" at first. Then a switch to
cn=human,ou=mgr,o=foo (authcid=authzid="cn=human,ou=mgr,o=foo") and a
search for the uid as defined in the authzTo attribute.
It ends up with
"not authorized to assume identity".
Hans
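
How an authzTo value in LDAP URL form, like the one in the message above, selects the identities an entry may assume, as an added example that is not part of the original post and not slapd's own code. It models only the URL's base, scope and a simple presence or equality filter; the sample entry is rebuilt from the post, the function names are hypothetical, and DN handling ignores escaped commas.

```python
import re
from urllib.parse import unquote

def norm_dn(dn):
    # Simplified normalisation: trim and lowercase each RDN (no escaped commas).
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def parse_authz_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, filter)."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an LDAP URL")
    _host, _, rest = url[len("ldap://"):].partition("/")
    fields = [unquote(f) for f in rest.split("?")] + [""] * 4
    base, _attrs, scope, flt = fields[:4]  # the attribute list is not used here
    return norm_dn(base), (scope.lower() or "base"), (flt or "(objectClass=*)")

def in_scope(dn, base, scope):
    if scope == "base":
        return dn == base
    if scope == "one":  # direct children of the base only
        return dn.partition(",")[2] == base
    if scope == "sub":  # the base itself and everything below it
        return dn == base or dn.endswith("," + base)
    raise ValueError("unsupported scope: " + scope)

def filter_matches(flt, attrs):
    # Handles only (attr=*) presence and (attr=value) equality filters.
    m = re.fullmatch(r"\(([A-Za-z0-9.;-]+)=([^()]*)\)", flt)
    if not m or ("*" in m.group(2) and m.group(2) != "*"):
        raise ValueError("filter form not handled in this example: " + flt)
    values = [v.lower() for v in attrs.get(m.group(1).lower(), [])]
    return bool(values) if m.group(2) == "*" else m.group(2).lower() in values

def authz_url_allows(url, target_dn, target_attrs):
    """True if the target entry is one the authzTo URL would select."""
    base, scope, flt = parse_authz_url(url)
    attrs = {k.lower(): v for k, v in target_attrs.items()}
    return in_scope(norm_dn(target_dn), base, scope) and filter_matches(flt, attrs)

# Values taken from the post; the attribute dict is constructed from it.
AUTHZ_TO = "ldap:///ou=humans,o=foo??sub?(uid=*)"
CK_DN = "employeeid=3,ou=here,ou=humans,o=foo"
CK_ATTRS = {"uid": ["ck"]}

if __name__ == "__main__":
    print("ck selected by authzTo:", authz_url_allows(AUTHZ_TO, CK_DN, CK_ATTRS))
```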