On 22/03/10 19:07 +0200, Μανόλης Βλαχάκης wrote:
No, I haven't set an authz-policy. How should it be done?
See the OpenLDAP Administrator's Guide, section 15.3.
I use 'authz-policy to'. It requires that I specify an authzTo attribute in each identity I want to give proxy authentication privileges to.
I assume that is what you are wanting to do, given the error earlier, but it may not be.
I didn't understand exactly what you said here... Can you give a code sample, please?
*That looks like a UNIX domain socket via an ldapi connection, by the root user (or a user with UID of 0).
You should probably have a mapping for it as well. I map root to the admin user on my system.*
From my config:
rootdn "cn=admin,dc=olp,dc=net"
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" cn=admin,dc=olp,dc=net
It gives me full rights to the server when connecting as the root user.
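
An added illustration of the 'authz-policy to' setup described in the reply above. It is not part of the original message or the poster's configuration; the proxy identity cn=proxy and the ou=people subtree are assumed names used only for this sketch.

```ldif
# slapd.conf must enable source rules first (global section):
#   authz-policy to
#
# Each identity that may act on behalf of others then carries an authzTo
# value describing which DNs it may become. Here the hypothetical entry
# cn=proxy may authorize as any uid=... entry directly under ou=people,
# and as nothing else. The regex is anchored with ^ and $ and uses [^,]+
# so it cannot match the rootdn or DNs in other subtrees.
#
# dc=olp,dc=net is the suffix from the message above; cn=proxy and
# ou=people are assumptions.
dn: cn=proxy,dc=olp,dc=net
changetype: modify
add: authzTo
authzTo: dn.regex:^uid=[^,]+,ou=people,dc=olp,dc=net$

# Anyone who can write authzTo on their own entry can grant themselves the
# right to act as other users, so restrict write access to that attribute
# to administrators with an ACL.
#
# To check the result, bind as the proxy and request another identity
# (uid=someuser is a placeholder):
#   ldapwhoami -x -D cn=proxy,dc=olp,dc=net -W \
#     -e '!authzid=dn:uid=someuser,ou=people,dc=olp,dc=net'
```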