
Re: OpenLDAP permissions question



Igor Shmukler wrote:
> I tried to do remapping inside a DIT database. Wrote the tiny snippet below:
> $ cat set_config_regexp.ldif
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> add: olcAuthzRegexp
> olcAuthzRegexp: {0}"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
>      "cn=admin,dc=directory,dc=com"
>
> $ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f set_config_regexp.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "olcDatabase={1}hdb,cn=config"
> ldap_modify: Object class violation (65)
> additional info: attribute 'olcAuthzRegexp' not allowed

authz-regexp is a global configuration option. When using back-config, attribute 'olcAuthzRegexp' goes into the entry cn=config and *not* into a database entry beneath cn=config.

You should convert the example static configuration file to dynamic configuration "database" files with:

mkdir /path/to/slapd.example.d
slapd -f slapd.conf.example -F /path/to/slapd.example.d

And then carefully analyze LDIF files generated.

As said, I don't have the time to hold your hand on every step. You have to try out more yourself, like I did when I was a beginner.

Ciao, Michael.
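The corrected form of the modification, as an added example that is not part of Michael's reply or of the OpenLDAP project itself: the same authz-regexp mapping, but targeted at cn=config where back-config keeps olcAuthzRegexp. The admin DN and the peercred identity come from the thread; the `{0}` ordering prefix, the file name and the second helper (which previews the mapping with the same POSIX extended regex slapd compiles the pattern with) are assumptions made here. The `\+` escaping follows the slapd.conf example in the Admin Guide; compare it against what slapd writes into cn=config.ldif when you convert slapd.conf as described above.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits the olcAuthzRegexp change
# against the global cn=config entry (the hdb database entry rejects it,
# as the "Object class violation (65)" in the thread shows).

# Print the LDIF to apply. The dn is cn=config, not olcDatabase={1}hdb,cn=config.
# $1 (optional): the DN the root peercred identity should map to.
authz_regexp_ldif() {
    admin_dn="${1:-cn=admin,dc=directory,dc=com}"   # value from the thread
    # Unquoted heredoc: "\\+" reaches the file as "\+" (literal plus in an
    # extended regex), while ${admin_dn} is expanded.
    cat <<EOF
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "${admin_dn}"
EOF
}

# Preview what the mapping does, offline, before touching the server.
# slapd compiles authz-regexp patterns with REG_EXTENDED (and REG_ICASE), so
# sed -E with the same pattern is a faithful stand-in for the match; the
# replacement is the mapped DN. Prints nothing if the identity does not match.
# $1: SASL authorization identity, $2 (optional): target DN.
map_authz_id() {
    sasl_id="$1"
    admin_dn="${2:-cn=admin,dc=directory,dc=com}"
    printf '%s\n' "$sasl_id" | sed -E -n \
        "s/^gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth\$/${admin_dn}/p"
}

# Stand-alone run: show the LDIF, then the mapping for the identity the
# thread's ldapmodify output reported and for an ordinary (non-root) user.
authz_regexp_ldif > set_global_regexp.ldif          # file name assumed here
cat set_global_regexp.ldif
echo "root peercred maps to: $(map_authz_id 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth')"
echo "uid 1000 maps to:      '$(map_authz_id 'gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth')'"

# On the server (commented out: needs a running slapd with ldapi:///):
#   sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f set_global_regexp.ldif
#   sudo ldapwhoami -Y EXTERNAL -H ldapi:///
# ldapwhoami should then report dn:cn=admin,dc=directory,dc=com instead of the
# raw gidNumber=0+uidNumber=0,cn=peercred,... identity.
```

Only the root peercred identity (uidNumber=0, gidNumber=0) is rewritten; any other local user keeps the unmapped cn=auth identity, which is the point of anchoring the pattern with `^` and `$` rather than matching a substring. The `ldapwhoami` call is the quickest check that the mapping actually took effect after the modify.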
