Igor Shmukler wrote:
I tried to do remapping inside a DIT database. Wrote the tiny snippet below:
$ cat set_config_regexp.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=admin,dc=directory,dc=com"
$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f set_config_regexp.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcAuthzRegexp' not allowed
authz-regexp is a global configuration option. When using back-config attribute 'olcAuthzRegexp' goes into entry cn=config and *not* a database entry beneath cn=config.
You should convert the example static configuration file to dynamic configuration "database" files with:
mkdir /path/to/slapd.example.d slapd -f slapd.conf.example -F /path/to/slapd.example.d And then carefully analyze LDIF files generated.As said I don't have the time to hold your hand on every step. You have to try out more yourself. Like I did when I was a beginner.
Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature