From a98696e1c1cb3d4e9bd9ecc59f6ac68e6dcc88fe Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 29 Jan 2023 02:45:04 +0000
Subject: [PATCH] ldap_server: Set correct DN when using SASL auth
---
 roles/ldap_server/templates/slapd.conf.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/roles/ldap_server/templates/slapd.conf.j2 b/roles/ldap_server/templates/slapd.conf.j2
index fc120a6..5849191 100644
--- a/roles/ldap_server/templates/slapd.conf.j2
+++ b/roles/ldap_server/templates/slapd.conf.j2
@@ -124,6 +124,14 @@ authz-regexp
 authz-regexp
 "uid=([^,]\+),cn=gss-spnego,cn=auth"
 "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
+# map sasl plain users
+authz-regexp
+ "uid=([^.]\+),cn=plain,cn=auth"
+ "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
+# map sasl login users
+authz-regexp
+ "uid=([^.]\+),cn=login,cn=auth"
+ "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
 # require authentication for authenticated users that don't match above
 access to *
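Review bot: The two added patterns capture the uid with `[^.]\+`, while the existing gss-spnego rule directly above uses `[^,]\+`; this looks like a typo for a comma. As written, a SASL name containing a dot (a constructed example: `first.last`) would not match and so would not be mapped to its posixAccount entry, and the capture no longer stops at the first RDN separator, so a realm-qualified DN of the form `uid=name,cn=REALM,cn=plain,cn=auth` would, as far as I can tell, substitute `name,cn=REALM` into the `(uid=$1)` filter. I would change the two lines to `"uid=([^,]\+),cn=plain,cn=auth"` and `"uid=([^,]\+),cn=login,cn=auth"` so the identity mapping behaves the same for all three mechanisms. The `access to *` clause that decides what an unmapped DN may do continues outside the hunk, so the effect of a missed mapping cannot be judged from here.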