On 08/02/2016 08:29 AM, John Lewis wrote:
> On 08/02/2016 08:17 AM, Hallvard Breien Furuseth wrote:
>> On 02. aug. 2016 13:15, John Lewis wrote:
>>> If I wanted to map the permissions from
>>> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my
>>> olcRootDN: which I will call cn=Manager,dc=example,dc=com which is the
>>> olcRootDN: for dn: olcDatabase={1}mdb,cn=config, how would I do it?
>> Set the global directive olcAuthzRegexp (in cn=config) aka authz-regexp
>> (in slapd.conf) to
>> "^gidNumber=0[+]uidNumber=0,cn=peercred,cn=external$"
>> "cn=Manager,dc=example,dc=com"
>>
>>
> Slapd.conf? That is deprecated so I don't use it at all. I use ldapvi or
> ldbedit instead and connect using cn=config as the base and
> cn=admin,cn=config as the bind dn.
>
> They both render the directory as a file and run the ldap query behind
> the scenes.
>
>
I thought I figured out what you meant and I tried to add olcAuthzRegexp
as an attribute but I got this error.
failed to modify olcDatabase={1}mdb,cn=config - LDAP error 65
LDAP_OBJECT_CLASS_VIOLATION - <attribute 'olcAuthzRegexp' not allowed> <>
