Hi list,
I'm moving an LDAP directory to a freshly installed Debian Squeeze and I'm discovering cn=config. On my former installation, I have SASL configured using:
---
authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" "ldap:///dc=domain,dc=net??sub?(uid=$1)"
authz-policy to
password-hash {CLEARTEXT}
---
How do I translate this into cn=config directives?
I believe it should be stored into /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
Is that correct?
Thanks, Julien
Julien Vehent writes:
> On my former installation, I have SASL configured using: (...)
> authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" "ldap:///dc=domain,dc=net??sub?(uid=$1)"
> authz-policy to
> password-hash {CLEARTEXT}
> How do I translate this into cn=config directives?
'man slapd-config' says the attributes are olcAuthzRegexp, olcAuthzPolicy and olcPasswordHash.
> I believe it should be stored into /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
In the manpage the first two are under GLOBAL CONFIGURATION OPTIONS, so they should be in the cn=config entry. olcPasswordHash is under GLOBAL DATABASE OPTIONS which explains it can be in the frontend entry or the actual database entry.
Avoid editing the cn=config files directly. Use ldapmodify, slapadd or slapmodify to add the directives, that way slapd will do some verification.
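As an added example (not part of the original thread), the three slapd.conf directives from the question can be written as the following LDIF, with the two global attributes on cn=config and olcPasswordHash on the frontend entry, as the reply above describes. The file name and the ldapmodify invocation shown in the comments are assumptions.

```ldif
# Added example, not from the thread. Apply as root on the server with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f sasl-authz.ldif
# The file name sasl-authz.ldif and the ldapi:// EXTERNAL bind are assumptions;
# use whatever identity has write access to cn=config on your system.

# authz-regexp and authz-policy are global options, so they go on cn=config.
# olcAuthzRegexp is multi-valued (add); olcAuthzPolicy is single-valued (replace).
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: "^uid=([^,]+).*,cn=[^,]*,cn=auth$" "ldap:///dc=domain,dc=net??sub?(uid=$1)"
-
replace: olcAuthzPolicy
olcAuthzPolicy: to

# password-hash goes on the frontend database entry.
# {CLEARTEXT} makes Password Modify operations store userPassword unhashed,
# so read access to userPassword and to database backups needs tight ACLs.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {CLEARTEXT}
```

Going through ldapmodify rather than editing the files under slapd.d lets slapd validate each value before it is stored.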
On 11/30/2010 01:37 PM, Hallvard B Furuseth wrote:
> Julien Vehent writes:
>> On my former installation, I have SASL configured using: (...)
>> authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" "ldap:///dc=domain,dc=net??sub?(uid=$1)"
>> authz-policy to
>> password-hash {CLEARTEXT}
>> How do I translate this into cn=config directives?
> 'man slapd-config' says the attributes are olcAuthzRegexp, olcAuthzPolicy and olcPasswordHash.
>> I believe it should be stored into /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
> In the manpage the first two are under GLOBAL CONFIGURATION OPTIONS, so they should be in the cn=config entry. olcPasswordHash is under GLOBAL DATABASE OPTIONS which explains it can be in the frontend entry or the actual database entry.
> Avoid editing the cn=config files directly. Use ldapmodify, slapadd or slapmodify to add the directives, that way slapd will do some verification.
Thanks, that did the trick. I was looking for the relevant documentation source online, but not at the man page.
Julien
openldap-technical@openldap.org