
Re: cn=config and authz-regexp



Julien Vehent writes:
> On my former installation, I have SASL configured using:
> (...)
> ---
> authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
>               "ldap:///dc=domain,dc=net??sub?(uid=$1)"
> authz-policy to
> password-hash   {CLEARTEXT}
> ---
> 
> How do I translate this into cn=config directives?

'man slapd-config' says the attributes are olcAuthzRegexp,
olcAuthzPolicy and olcPasswordHash.

> I believe it should be stored into
> /etc/ldap/slapd.d/cn=config/olcDatabase\=\{1\}hdb.ldif

In the manpage the first two are under GLOBAL CONFIGURATION OPTIONS, so
they should be in the cn=config entry.  olcPasswordHash is under GLOBAL
DATABASE OPTIONS which explains it can be in the frontend entry or the
actual database entry.

Avoid editing the cn=config files directly.  Use ldapmodify, slapadd or
slapmodify to add the directives; that way slapd will do some
verification.

-- 
Hallvard
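
The translation discussed above, written as LDIF for ldapmodify. This is an added example, not part of the original message. It puts olcPasswordHash in the frontend entry, and the file name and the ldapmodify invocation in the comments are assumptions about the local setup.

```ldif
# Constructed example, saved as authz.ldif (hypothetical name).
# Apply as an identity allowed to write cn=config, for instance:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif
# slapd validates each change before accepting it.

# Global options live in the cn=config entry itself.
# The match pattern and the replacement URL are the two
# space-separated arguments of a single olcAuthzRegexp value.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: ^uid=([^,]+).*,cn=[^,]*,cn=auth$ ldap:///dc=domain,dc=net??sub?(uid=$1)
-
replace: olcAuthzPolicy
olcAuthzPolicy: to

# olcPasswordHash goes in the frontend database entry.
# {CLEARTEXT} keeps userPassword values unhashed, as in the
# original slapd.conf, so access to that attribute is what
# protects them.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {CLEARTEXT}
```

Reading cn=config back with ldapsearch afterwards shows the stored olcAuthzRegexp value with an ordering prefix such as {0} added by slapd.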