Igor,
Igor Shmukler wrote (20.03.2015 11:21):
> Unfortunately, your email does not clear anything, FOR ME. It does not mean you are not 100% correct. I am just slow, I guess. Sorry.
Do simple things first! Do more complex things later!
- Configure a rootdn with rootpw for each database. Use this to authenticate to slapd and modify things. This works? Fine, go on.
- Create a user entry inside your DIT. Use this entry as rootdn. This works? Fine, go on.
- Map this user entry from your local unix user with olcAuthzRegexp to use with ldapi and EXTERNAL. This works? Fine, go on.
- or make your first steps with ACLs and another user entry.
> I don't see why/how Michael's suggestion with olcAuthzRegexp could work. The way that could have worked - multiple remaps, different for each database is not allowed.
Read again what Michael said: "authz-regexp is a global configuration option."
> The one permitted - inside config database, as far as I understand, does not do what I need.
Do you need multiple mappings? As you are one user on your system, this maps to one user in ldap with olcAuthzRegexp. As Michael already posted:
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=example,dc=com"
uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.
Marc
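
The mapping discussed in this message, as an added example that is not part of the original e-mail and is not slapd's code: a small Python model of how a global, ordered list of authz-regexp rules turns the ldapi/EXTERNAL peer identity into a directory DN. The second rule and the dc=example,dc=org suffix are hypothetical; the model assumes first-match-wins, case-insensitive, unanchored matching and handles only the plain DN form of the replacement.

```python
import re

# Constructed rule list modelling global authz-regexp directives, in config order.
# Rule 1 is the one quoted in the message. Rule 2 is a hypothetical addition that
# maps every other local uid to an entry under a second suffix (assumption).
RULES = [
    (r"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth",
     "cn=root,dc=example,dc=com"),
    (r"gidNumber=[0-9]+\+uidNumber=([0-9]+),cn=peercred,cn=external,cn=auth",
     "uidNumber=$1,ou=people,dc=example,dc=org"),
]


def peercred_dn(uid, gid):
    """Identity derived for a local client connecting over ldapi:// with SASL EXTERNAL."""
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def map_identity(sasl_dn, rules=RULES):
    """Apply the rules in order; first match wins, no match leaves the DN unchanged."""
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m:
            # Back-references are written $1..$9 in the replacement; expand them.
            return re.sub(r"\$([1-9])",
                          lambda ref: m.group(int(ref.group(1))),
                          replacement)
    return sasl_dn


if __name__ == "__main__":
    # Constructed sample identities: root, an ordinary user, a non-peercred SASL DN.
    samples = [
        peercred_dn(0, 0),
        peercred_dn(1000, 1000),
        "uid=alice,cn=digest-md5,cn=auth",
    ]
    for dn in samples:
        print(f"{dn}\n  -> {map_identity(dn)}")
```

Because the rule list is global, one set of rules can still hand out DNs that live in different databases; which database an identity may modify is then decided by that database's rootdn or ACLs.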