[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP permissions question


Igor Shmukler schrieb (20.03.2015 11:21 Uhr):
Unfortunately, your email does not clear anything, FOR ME. It does not
mean you are not 100% correct. I am just slow, I guess. Sorry.
do simple things first! Do more complex things later!

- Configure a rootdn with rootpw for each database. Use this to
  authenticate to slapd und modify things.
  This works? Fine, go on.
- Create a user entry inside your DIT.
  Use this entry as rootdn.
  This works? Fine, go on.
- Map this user entry from your local unix user with olcAuthzRegexp
  to use with ldapi and EXTERNAL.
  This works? Fine, go on.
- or make your first steps with ACLs and another user entry.

I don't see why/how Michael's suggestion with olcAuthzRegexp could
work. The way that could have worked - multiple remaps, different for
each database is not allowed.
Read again what Michael said:
"authz-regexp is a global configuration option."

The one permitted - inside config
database, as far as I understand, does not do what I need.
Do you need multiple mappings?
As you are one user on your system, this maps to one user in ldap with olcAuthzRegexp.
As Micheal already posted:


uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.