Julien Vehent writes:
On my former installation, I have SASL configured using : (...)
authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" "ldap:///dc=domain,dc=net??sub?(uid=$1)" authz-policy to password-hash {CLEARTEXT}
How do I translate this into cn=config directives ?
'man slapd-config' says the attributes are olcAuthzRegexp, olcAuthzPolicy and olcPasswordHash.
I believe it should be stored into /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
I the manpage the two first are under GLOBAL CONFIGURATION OPTIONS, so they should be in the cn=config entry. olcPasswordHash is under GLOBAL DATABASE OPTIONS which explains it can be in the frontend entry or the actual database entry.
Avoid editing the cn=config files directly. Use ldapmodify, slapadd or slapmodify to add the directives, that way slapd will do some verification.