diff options
Diffstat (limited to 'tests/data/slapd-idassert.conf')
-rw-r--r-- | tests/data/slapd-idassert.conf | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf new file mode 100644 index 0000000..52f163f --- /dev/null +++ b/tests/data/slapd-idassert.conf @@ -0,0 +1,129 @@ +# provider slapd config -- for testing +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +#ucdata-path ./ucdata +include @SCHEMADIR@/core.schema +include @SCHEMADIR@/cosine.schema +include @SCHEMADIR@/inetorgperson.schema +include @SCHEMADIR@/openldap.schema +include @SCHEMADIR@/nis.schema +pidfile @TESTDIR@/slapd.1.pid +argsfile @TESTDIR@/slapd.1.args + +#mod#modulepath ../servers/slapd/back-@BACKEND@/ +#mod#moduleload back_@BACKEND@.la +#ldapmod#modulepath ../servers/slapd/back-ldap/ +#ldapmod#moduleload back_ldap.la +#monitormod#modulepath ../servers/slapd/back-monitor/ +#monitormod#moduleload back_monitor.la +#rwmmod#modulepath ../servers/slapd/overlays/ +#rwmmod#moduleload rwm.la + +####################################################################### +# database definitions +####################################################################### + +authz-policy both +authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com" +authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)" +authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)" +authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)" + +# +# normal installations should protect root dse, +# cn=monitor, cn=schema, and cn=config +# + +access to attrs=userpassword + by self =wx + by anonymous =x + +access to dn.exact="" + by * read + +access to * + by users read + by * search + +database @BACKEND@ + +suffix "dc=example,dc=com" +rootdn "cn=Manager,dc=example,dc=com" +rootpw secret +#null#bind on +#~null~#directory @TESTDIR@/db.1.a +#indexdb#index objectClass eq +#indexdb#index cn,sn,uid pres,eq,sub +#ndb#dbname db_1 +#ndb#include @DATADIR@/ndb.conf + +access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" + attrs=authzTo + by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx + by * =x + +database @BACKEND@ + +suffix "dc=example,dc=it" +rootdn "cn=Manager,dc=example,dc=it" +rootpw secret +#~null~#directory @TESTDIR@/db.2.a +#indexdb#index objectClass eq +#indexdb#index cn,sn,uid pres,eq,sub +#ndb#dbname db_2 +#ndb#include @DATADIR@/ndb.conf + +database ldap +suffix "o=Example,c=US" +uri "@URI1@" + +#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self +#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self + +# authorizes database +idassert-authzFrom "dn.subtree:dc=example,dc=it" + +overlay rwm +rwm-suffixmassage "dc=example,dc=com" + +database ldap +suffix "o=Esempio,c=IT" +uri "@URI1@" + +acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com" +acl-passwd proxy + +idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com" + +# authorizes database +idassert-authzFrom "dn.subtree:dc=example,dc=com" +# authorizes anonymous +idassert-authzFrom "dn.exact:" + +overlay rwm +rwm-suffixmassage "dc=example,dc=com" + +access to attrs=entry,cn,sn,mail + by users read + +access to * + by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read + by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read + by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search + by * none + +#monitor#database monitor +#monitor#rootdn "cn=monitor" +#monitor#rootpw monitor |