=com??sub?(uid=$1)
authz-policy to
authzTo=ldap:///dc=corp,dc=company,dc=com??sub?(objectclass=person)
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
# back-ldap proxy database: operations under this suffix are forwarded to the
# remote server named in the uri directive below.
database ldap
suffix "dc=corp,dc=company,dc=com"
# NOTE(review): the ldaps:// URI is commented out and the active one is plain
# ldap://. No tls/StartTLS setting is visible in this excerpt, so the simple
# binds below would send the proxyadmin DN and password in cleartext -- confirm
# transport protection before using this outside a test network.
#uri "ldaps://
ldap01.corp.company.com/dc=corp,dc=company,dc=com"
uri "ldap://
ldap01.corp.company.com/"
# acl-bind: identity the proxy uses when it contacts the remote server for ACL
# checking. credentials="password" is presumably a redacted placeholder; a real
# secret stored here means this file must be readable only by the slapd user.
acl-bind bindmethod=simple
binddn="uid=proxyadmin,cn=users,cn=bindaccounts,dc=corp,dc=company,dc=com"
credentials="password"
# idassert-authzFrom selects which local identities may use identity assertion.
# "dn:*" is a wildcard rule; the log below shows it matching the client DN
# (comparison returned 0). Narrow it to the subtree that actually needs
# proxying if not every bound user should be asserted to the remote server.
idassert-authzFrom "dn:*"
# idassert-bind: the proxy binds as proxyadmin and, with mode=self, asserts the
# client's own identity to the remote server via proxied authorization.
# NOTE(review): the remote server must itself allow proxyadmin to authorize as
# those users (authzTo / authz-policy on ldap01) -- verify there, and keep that
# grant as narrow as the deployment permits.
idassert-bind bindmethod=simple
binddn="uid=proxyadmin,cn=users,cn=bindaccounts,dc=corp,dc=company,dc=com"
credentials="password"
mode=self
I'm not sure if it's helpful, but here is the log output from the time of the event:
Apr 8 16:17:39 ldap03 slapd[3166]: ===>slap_sasl_match: comparing DN uid=dejongm,cn=opssec,cn=users,cn=accounts,dc=corp,dc=company,dc=com to rule dn:*
Apr 8 16:17:39 ldap03 slapd[3166]: slap_parseURI: parsing dn:*
Apr 8 16:17:39 ldap03 slapd[3166]: <===slap_sasl_match: comparison returned 0
Apr 8 16:17:39 ldap03 slapd[3166]: ===>slap_sasl_match: comparing DN uid=dejongm,cn=opssec,cn=users,cn=accounts,dc=corp,dc=company,dc=com to rule dn:*
Apr 8 16:17:39 ldap03 slapd[3166]: slap_parseURI: parsing dn:*
Apr 8 16:17:39 ldap03 slapd[3166]: <===slap_sasl_match: comparison returned 0
Apr 8 16:17:39 ldap03 slapd[3166]: send_ldap_result: conn=0 op=3 p=3
Apr 8 16:17:39 ldap03 slapd[3166]: send_ldap_result: err=2 matched="" text="unable to parse proxied authorization control"
Apr 8 16:17:39 ldap03 slapd[3166]: send_ldap_response: msgid=4 tag=101 err=2
Apr 8 16:17:39 ldap03 slapd[3166]: conn=0 op=3 SEARCH RESULT tag=101
err=2 nentries=0 text=unable to parse proxied authorization control
Any suggestions would be appreciated.
-Mark