Jaap Winius wrote:
Quoting "sarathkrishna89@gmail.com" <sarathkrishna89@gmail.com>:
For authenticating via OpenLDAP, the principals need to be rewritten (using authz-policy and authz-regexp). We know how to do that in older versions of OpenLDAP which had (slapd.conf) but don't know how to do the same in the new OpenLDAP which has the slapd.d directory instead. The manuals also don't say anything on this issue.
The switch from slapd.conf to cn=config takes a little getting used to, plus the migration script may not work for you, but in the end I produced a set of procedures that should tell you most of what you want to know:
* Integrated Kerberos-OpenLDAP provider on Debian squeeze
  http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php
* Integrated Kerberos-OpenLDAP consumer on Debian squeeze
  http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-consumer.php
True, I didn't use Ubuntu in these examples, but I would not be surprised if the procedures were almost identical, certainly with cn=config.
If you read http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html you could simplify your ACL changes in 7.1.1.x.

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {2}
olcAccess: {1}
olcAccess: {0}
-

Similarly in 7.1.2.x you don't need to specify the prefixes when you're adding rules in order.
Cheers,
Jaap
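
Added example, not part of the original thread or of the linked procedures: the slapd.conf authz-regexp directive asked about above corresponds to the olcAuthzRegexp attribute on cn=config, which is itself X-ORDERED, so rules added without {n} prefixes keep the order in which they are listed. The realm (example.com), the suffix (dc=example,dc=com) and the ou=hosts / ou=people branches are constructed placeholders, and the cn=<realm> component is assumed to be present in the SASL authentication DN (slapd omits it for the default realm).

```ldif
# Constructed example; every DN component below is a placeholder.
# Rules are tried in order and the first match is used, so the
# host-principal rule must precede the generic user rule, which would
# otherwise also match uid=host/<fqdn> and map it into ou=people.
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: uid=host/([^,]+),cn=example.com,cn=gssapi,cn=auth cn=$1,ou=hosts,dc=example,dc=com
olcAuthzRegexp: uid=([^,]+),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
```

Reading cn=config back afterwards shows the stored values with their assigned {0} and {1} prefixes, and running ldapwhoami -Y GSSAPI with a valid ticket shows which DN a principal was mapped to.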