mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
b506fd178e
In case an ID override was created for an Active Directory user in the default trust view, allow mapping the incoming GSSAPI authenticated connection to the ID override for this user. This allows to self-manage ID override parameters from the CLI, for example, SSH public keys or certificates. Admins can define what can be changed by the users via self-service permissions. Part of https://fedorahosted.org/freeipa/ticket/2149 Part of https://fedorahosted.org/freeipa/ticket/3242 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
9 lines
402 B
Plaintext
9 lines
402 B
Plaintext
dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config
|
|
default:cn: ID Overridden Principal
|
|
default:nsSaslMapBaseDNTemplate: cn=default trust view,cn=views,cn=accounts,$SUFFIX
|
|
default:nsSaslMapFilterTemplate: (&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride))
|
|
default:nsSaslMapPriority: 20
|
|
default:nsSaslMapRegexString: \(.*\)@\(.*\)
|
|
default:objectClass: top
|
|
default:objectClass: nsSaslMapping
|