
authzTo [checked for viruses]


A user ck with
dn: employeeid=3,ou=here,ou=humans,o=foo
uid: ck
should be used as Cyrus IMAP user by ldapdb.
I have an entry
dn: cn=human,ou=mgr,o=foo
authzTo: ldap:///ou=humans,o=foo??sub?(uid=*)

I added
sasl_ldapdb_id: cn=human,ou=mgr,o=foo
to imapd.conf and
authz-policy to
authz-regexp uid=.*,cn=auth
authz-regexp cn=human,ou=mgr,o=foo
to my slapd.conf.

ACL for ou=humans,o=foo is
access to dn.subtree=ou=humans,o=foo
	by anonymous auth
	by users read
access to dn.subtree=ou=humans,o=foo attrs=userpassword
	by self write

It does not work. User ck is not authenticated in ldap, I can't even find a try.
There is a BIND with DN: "" at first. Then a switch to cn=human,ou=mgr,o=foo (authcid=authzid="cn=human,ou=mgr,o=foo") and a search for the uid as defined in the authzTo attribute.
It ends up with
"not authorized to assume identity".