Igor Shmukler wrote:
I tried to do remapping inside a DIT database. Wrote the tiny snippet below:

$ cat set_config_regexp.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=directory,dc=com"

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f set_config_regexp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcAuthzRegexp' not allowed
authz-regexp is a global configuration option. When using back-config, the attribute 'olcAuthzRegexp' goes into the entry cn=config and *not* into a database entry beneath cn=config.
You should convert the example static configuration file to dynamic configuration "database" files with:
mkdir /path/to/slapd.example.d
slapd -f slapd.conf.example -F /path/to/slapd.example.d
And then carefully analyze the LDIF files generated.
As said, I don't have the time to hold your hand on every step. You have to try out more yourself. Like I did when I was a beginner.
Ciao, Michael.
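
A pre-flight check for the mistake diagnosed in this thread, as an added example that is not part of the original messages: it scans an LDIF for olcAuthzRegexp aimed at any entry other than cn=config before the file is handed to ldapmodify. The function names and the GLOBAL_ONLY set are assumptions of this example, and the sample input is constructed from the LDIF quoted in the question.

```python
import base64

# Attributes that belong only on the global cn=config entry. Only
# olcAuthzRegexp is listed, because it is the one this thread establishes.
GLOBAL_ONLY = {"olcauthzregexp"}

# Constructed sample: the question's change record, value folded over two lines.
SAMPLE_LDIF = r'''dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth"
  "cn=admin,dc=directory,dc=com"
'''

def unfold(text):
    """Join folded lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [line for line in lines if not line.startswith("#")]

def split_attr(line):
    """Return (lowercased attribute name without options, decoded value)."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):  # "attr:: <base64>"
        value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    else:
        value = rest.lstrip()
    return name.split(";")[0].strip().lower(), value

def find_misplaced(ldif_text):
    """Return [(dn, attribute)] for global-only attributes aimed elsewhere."""
    findings, dn = {}, None
    for line in unfold(ldif_text):
        name, value = split_attr(line)
        if name == "dn":
            dn = value  # a new record starts at every dn: line
        # "add: attr" / "replace: attr" / "delete: attr" name the attribute too
        attr = value.lower() if name in ("add", "replace", "delete") else name
        normalized = ",".join(p.strip() for p in (dn or "").lower().split(","))
        if attr in GLOBAL_ONLY and dn and normalized != "cn=config":
            findings[(dn, attr)] = None  # dict keeps order and deduplicates
    return list(findings)

if __name__ == "__main__":
    print(find_misplaced(SAMPLE_LDIF))
```
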