From 11665d7a97e320fb38fd076da3ad7c62f36a1362 Mon Sep 17 00:00:00 2001
From: Buchan Milne <buchan@mageia.org>
Date: Tue, 2 Nov 2010 11:52:31 +0000
Subject: Use roles

---
 catdap.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'catdap.yml')

diff --git a/catdap.yml b/catdap.yml
index 87964be..3a62e3a 100644
--- a/catdap.yml
+++ b/catdap.yml
@@ -20,7 +20,7 @@ Model::Proxy:
 # dn and password should not be required here, we rebind with credentials
 # from the authenticated user using Model::LDAP::FromAuthentication
 Model::User:
-        base: ou=People,dc=mageia,dc=org
+        base: dc=mageia,dc=org
         host: ldap.mageia.org
         start_tls: 1
 
@@ -43,10 +43,12 @@ authentication:
                                 user_scope:     'one'
                                 user_field:     'uid'
                                 use_roles:      1
-                                role_basedn:    'ou=group,dc=mageia,dc=org'
-                                role_scope:     'one'
+                                role_basedn:    'dc=mageia,dc=org'
+                                role_scope:     'sub'
                                 role_field:     'cn'
-                                role_value:     'uid'
+                                role_value:     'dn'
+                                role_filter:    '(member=%s)'
+                                role_search_as_user: 1
 
 Controller::User:
 # Attributes that the user can edit. Attributes present but not listed here
-- 
cgit v1.2.1