LDAP Directory Information Tree

This document describes how the debops.saslauthd Ansible role fits into the LDAP Directory Information Tree (ldap__ref_dit).

Directory structure

  • cn=host.example.org <ldap__ref_ldap_dit> -> debops.ldap
    • uid=saslauthd <saslauthd__ldap_self_rdn>

Object Classes and Attributes

  • uid=saslauthd <saslauthd__ldap_self_rdn>
    • debops.saslauthd: Object Classes <saslauthd__ldap_self_object_classes>, Attributes <saslauthd__ldap_self_attributes>

Access Control

The DebOps LDAP environment includes the 'ldapns' schema <slapd__ref_ldapns>, which can be used to define access control rules for services. The lists below define the attribute values which grant access to the service managed by the debops.saslauthd role, and specify other roles with the same access control rules:

The smtpd LDAP profile

  • objectClass authorizedServiceObject, attribute authorizedService:
    • smtpd
    • * (all services)

LDAP filter definition: saslauthd__ldap_default_profiles
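
The smtpd profile rule above, written out as a search filter and as a local check. This is an added example, not the filter shipped in saslauthd__ldap_default_profiles; the function names and sample entries are constructed. It shows why the "all services" value has to be escaped: an unescaped `*` in a filter is a presence test, not a literal asterisk.

```python
# Added example: not the debops.saslauthd role's own filter or code.
# The object class and attribute names come from the list above; the
# function names and the sample entries are constructed for illustration.

def escape_filter_value(value: str) -> str:
    """Escape the characters that are special in an LDAP filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def service_filter(service: str) -> str:
    """Filter for entries authorized for `service` or for all services."""
    # "(authorizedService=*)" would match ANY entry that has the attribute,
    # so the literal asterisk must be sent escaped, as "\2a".
    return (
        "(&(objectClass=authorizedServiceObject)"
        "(|(authorizedService=%s)(authorizedService=%s)))"
        % (escape_filter_value(service), escape_filter_value("*"))
    )


def grants_access(entry: dict, service: str) -> bool:
    """Apply the same rule to an entry's attributes without a directory."""
    # Object class names are case-insensitive. Service values are compared
    # exactly here; a directory applies the attribute's own matching rule.
    classes = {v.lower() for v in entry.get("objectClass", [])}
    services = set(entry.get("authorizedService", []))
    return "authorizedserviceobject" in classes and bool(services & {service, "*"})


# Constructed sample entries (attributes only).
MAIL_USER = {"objectClass": ["inetOrgPerson", "authorizedServiceObject"],
             "authorizedService": ["smtpd"]}
ALL_SERVICES_USER = {"objectClass": ["authorizedServiceObject"],
                     "authorizedService": ["*"]}
# Would be matched by an unescaped "(authorizedService=*)" presence filter.
IMAP_ONLY_USER = {"objectClass": ["authorizedServiceObject"],
                  "authorizedService": ["imap"]}
NO_CLASS_USER = {"objectClass": ["inetOrgPerson"],
                 "authorizedService": ["smtpd"]}

if __name__ == "__main__":
    print(service_filter("smtpd"))
    for name in ("MAIL_USER", "ALL_SERVICES_USER", "IMAP_ONLY_USER", "NO_CLASS_USER"):
        print(name, grants_access(globals()[name], "smtpd"))
```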

Parent nodes

  • debops.ldap <ldap__ref_ldap_dit>
    • ansible_local.ldap.base_dn <ldap__base_dn> -> saslauthd__ldap_base_dn
    • ansible_local.ldap.device_dn <ldap__device_dn> -> saslauthd__ldap_device_dn

Child nodes

There are no child nodes defined for the debops.saslauthd Ansible role.