Seau Yeen Su wrote:
> authz-regexp uid=(.*),cn=digest-md5,cn=auth cn=Manager,dc=synamatixdev,dc=com

Without having tried it myself, this IMO maps *every* user authenticated by SASL bind with DIGEST-MD5 to the account cn=Manager,dc=synamatixdev,dc=com. If that's a privileged account this is very dangerous!
I had overlooked the malformed HTTP URLs in your authz-regexp. You should try something like this (all in one line):
authz-regexp "uid=([a-zA-Z0-9]+),cn=(digest-md5|cram-md5|ntlm|plain|login|gssapi),cn=auth" "ldap:///ou=schulung,dc=stroeder,dc=local??sub?(uid=$1)"
Add users with attribute 'uid' set and clear-text password in attribute 'userPassword' and you're done.
> However, when I tried to add my users using LDIF format, I encountered some problems.
> First, it's the schema issue. When I included the inetorgperson schema, it kept throwing messages about certain audio, homePhone objectClass structural objects not existing. So, I removed all those objects ldap complains about and I managed to start my slapd.
You should not tweak schema files installed by OpenLDAP's 'make install'. Rather, you should import them in the right order, because some depend on others.
> After that, when I tried to add my user with the LDIF format as below:
>
> dn: ou=people,dc=synamatixdev,dc=com
> ou: people
> objectClass: organizationalunit
> objectClass: inetorgperson
>
> dn: uid=user1,ou=people,dc=synamatixdev,dc=com
> uid: user1
> cn: Mary
> cn: Mary Terry
> objectClass: inetorgperson
> objectClass: account
> objectClass: top
> objectClass: shadowAccount
> sn: Terry
> userPassword: user123
>
> I receive the error message below when I try to add it with slapadd:
>
> str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
That means that one of the object classes used is not present in the schema, here 'account' I guess. Also note that 'inetOrgPerson' and 'account' are both STRUCTURAL with different inheritance chains and therefore cannot be used together. Simply use this one:

------------------------------ snip ------------------------------
dn: uid=user1,ou=people,dc=synamatixdev,dc=com
uid: user1
cn: Mary
cn: Mary Terry
objectClass: top
objectClass: inetorgperson
sn: Terry
userPassword: user123
------------------------------ snip ------------------------------
> I am not very sure about the objectClasses allowed for OpenLDAP 2.3.27. Why does it say there's an invalid value for attributeType? Please help, thanks!
Maybe you did not include the schema file where the object class used in your entry is defined.
Ciao, Michael.
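An added example, not part of the mail thread above, to make the authz-regexp point concrete: a small Python simulation of how slapd applies authz-regexp rules (first matching rule wins, `$N` in the replacement is filled from the matched groups), run over the two rules quoted in the thread. It also includes an audit check that flags any rule whose replacement contains no backreference, since such a rule collapses every matching SASL identity onto one fixed DN, which is exactly the problem with the first rule. The matcher is an approximation of slapd's behaviour (a case-insensitive regex search, as slapd compiles the pattern with REG_EXTENDED|REG_ICASE), not OpenLDAP's own code, and the authcid strings are constructed sample input.

```python
import re

# Rules as (match_pattern, replace_pattern), copied from the thread above.
# The first one is the dangerous rule, the second is the suggested fix.
RULE_BROAD = (
    r"uid=(.*),cn=digest-md5,cn=auth",
    "cn=Manager,dc=synamatixdev,dc=com",
)
RULE_TIGHT = (
    r"uid=([a-zA-Z0-9]+),cn=(digest-md5|cram-md5|ntlm|plain|login|gssapi),cn=auth",
    "ldap:///ou=schulung,dc=stroeder,dc=local??sub?(uid=$1)",
)


def _to_python_template(replace_pattern):
    # slapd uses $1, $2 ... for backreferences; Python's re uses \1, \2 ...
    return re.sub(r"\$(\d+)", r"\\\1", replace_pattern)


def map_authcid(rules, authcid):
    """Return the identity slapd would derive for a SASL authcid string
    (e.g. 'uid=alice,cn=digest-md5,cn=auth'), or None if no rule matches.
    Approximation: case-insensitive search, first matching rule wins."""
    for match_pattern, replace_pattern in rules:
        m = re.search(match_pattern, authcid, re.IGNORECASE)
        if m:
            return m.expand(_to_python_template(replace_pattern))
    return None


def audit_rules(rules):
    """Return the indices of rules whose replacement carries no $N
    backreference: every authcid matching such a rule is mapped to the
    same fixed identity, so the rule should be reviewed."""
    return [i for i, (_, repl) in enumerate(rules)
            if re.search(r"\$\d+", repl) is None]


if __name__ == "__main__":
    # Constructed sample authcids, as slapd builds them for SASL binds.
    samples = [
        "uid=alice,cn=digest-md5,cn=auth",
        "uid=bob,cn=digest-md5,cn=auth",
        "uid=al.ice,cn=digest-md5,cn=auth",  # dot is outside [a-zA-Z0-9]
    ]
    for label, rules in (("broad", [RULE_BROAD]), ("tight", [RULE_TIGHT])):
        for authcid in samples:
            print(f"{label:5} {authcid:40} -> {map_authcid(rules, authcid)}")
    print("rules needing review:", audit_rules([RULE_BROAD, RULE_TIGHT]))
```

With the broad rule both alice and bob end up as cn=Manager; with the tight rule each authcid becomes a per-user search URL, and an authcid with characters outside the allowed set maps to nothing at all, which is the safe default.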