[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Auth access for search-based mappings?



Quoting Jaap Winius <jwinius@umrk.nl>:

authz-regexp
        uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
        ldap:///dc=example,dc=com??sub?
             (&(|(entryDN:dnSubtree:=ou=eng,dc=example,dc=com)
                 (entryDN:dnSubtree:=ou=bio,dc=example,dc=com))
             (uid=$1)(objectclass=person))

Unfortunately, this doesn't work at all. ...

But this does work:

authz-regexp
        uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
        ldap:///dc=example,dc=com??sub?
             (&(|(entryDN:dnSubtreeMatch:=ou=eng,dc=example,dc=com)
                 (entryDN:dnSubtreeMatch:=ou=bio,dc=example,dc=com))
             (uid=$1)(objectclass=person))

I found what I needed to know on the man page for slapcat; first example.

Cheers,

Jaap