authz-policy both
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
-authz-regexp "^uid=(us/)*([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
#
# normal installations should protect root dse,
directory ./testrun/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
-index objectClass eq
-index cn,sn,uid pres,eq,sub
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
attr=authzTo
directory ./testrun/db.2.a
rootdn "cn=Manager,dc=example,dc=it"
rootpw secret
-index objectClass eq
-index cn,sn,uid pres,eq,sub
+#bdb#index objectClass eq
+#bdb#index cn,sn,uid pres,eq,sub
+#hdb#index objectClass eq
+#hdb#index cn,sn,uid pres,eq,sub
+#ldbm#index objectClass eq
+#ldbm#index cn,sn,uid pres,eq,sub
database ldap
suffix "o=Example,c=US"
uri "@URI1@"
-#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" @SASL_MECH@
-#nosasl#idassert-method "simple"
-#nosasl#idassert-authcDN "cn=Proxy US,ou=Admin,dc=example,dc=com"
-#nosasl#idassert-passwd proxy
-idassert-mode self
+#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
+#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self
# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=it"
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy
-idassert-method "simple"
-idassert-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
-idassert-passwd proxy
-idassert-mode "dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
+idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=com"
by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
by * none
-#monitor#database monitor
+#monitor#database monitor