Igor,
Igor Shmukler schrieb (20.03.2015 11:21 Uhr):
> Unfortunately, your email does not clear anything, FOR ME. It does not
> mean you are not 100% correct. I am just slow, I guess. Sorry.
do simple things first! Do more complex things later!
- Configure a rootdn with rootpw for each database. Use this to
authenticate to slapd und modify things.
This works? Fine, go on.
- Create a user entry inside your DIT.
Use this entry as rootdn.
This works? Fine, go on.
- Map this user entry from your local unix user with olcAuthzRegexp
to use with ldapi and EXTERNAL.
This works? Fine, go on.
- or make your first steps with ACLs and another user entry.
> I don't see why/how Michael's suggestion with olcAuthzRegexp could
> work. The way that could have worked - multiple remaps, different for
> each database is not allowed.
Read again what Michael said:
"authz-regexp is a global configuration option."
> The one permitted - inside config
> database, as far as I understand, does not do what I need.
Do you need multiple mappings?
As you are one user on your system, this maps to one user in ldap with
olcAuthzRegexp.
As Micheal already posted:
authz-regexp
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=root,dc=example,dc=com"
uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.
Marc