[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Auth access for search-based mappings?

To: Jaap Winius <jwinius@umrk.nl>
Subject: Re: Auth access for search-based mappings?
From: Jaap Winius <jwinius@umrk.nl>
Date: Mon, 18 Jan 2010 00:46:59 +0100
Cc: Howard Chu <hyc@symas.com>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20100116164608.3kdezj5fmgm8ocww@www.umrk.nl>
References: <20100115201454.pzmq2f727cow0o88@www.umrk.nl> <20100116051728.ujtrvfqpunkssscs@www.umrk.nl> <4B5144F9.5070000@symas.com> <20100116164608.3kdezj5fmgm8ocww@www.umrk.nl>
User-agent: Internet Messaging Program (IMP) H3 (4.1.5)

Quoting Jaap Winius <jwinius@umrk.nl>:

authz-regexp
        uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
        ldap:///dc=example,dc=com??sub?
             (&(|(entryDN:dnSubtree:=ou=eng,dc=example,dc=com)
                 (entryDN:dnSubtree:=ou=bio,dc=example,dc=com))
             (uid=$1)(objectclass=person))

Unfortunately, this doesn't work at all. ...


But this does work:

authz-regexp
        uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
        ldap:///dc=example,dc=com??sub?
             (&(|(entryDN:dnSubtreeMatch:=ou=eng,dc=example,dc=com)
                 (entryDN:dnSubtreeMatch:=ou=bio,dc=example,dc=com))
             (uid=$1)(objectclass=person))

I found what I needed to know on the man page for slapcat; first example.

Cheers,

Jaap

References:
- Auth access for search-based mappings?
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: Auth access for search-based mappings?
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: Auth access for search-based mappings?
  - From: Howard Chu <hyc@symas.com>
- Re: Auth access for search-based mappings?
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: Auth access for search-based mappings?
Next by Date: Re: Some openldap 2.4 questions
Index(es):
- Chronological
- Thread