[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: cn=config and authz-regexp
Julien Vehent writes:
> On my former installation, I have SASL configured using :
> (...)
> ---
> authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
> "ldap:///dc=domain,dc=net??sub?(uid=$1)"
> authz-policy to
> password-hash {CLEARTEXT}
> ---
>
> How do I translate this into cn=config directives ?
'man slapd-config' says the attributes are olcAuthzRegexp,
olcAuthzPolicy and olcPasswordHash.
> I believe it should be stored into
> /etc/ldap/slapd.d/cn=config/olcDatabase\=\{1\}hdb.ldif
I the manpage the two first are under GLOBAL CONFIGURATION OPTIONS, so
they should be in the cn=config entry. olcPasswordHash is under GLOBAL
DATABASE OPTIONS which explains it can be in the frontend entry or the
actual database entry.
Avoid editing the cn=config files directly. Use ldapmodify, slapadd or
slapmodify to add the directives, that way slapd will do some
verification.
--
Hallvard