
Searching the LDAP Database?



Hello;

I realize this question shows my lack of experience with LDAP, but here
goes...

I am configuring a qmail/LDAP server, and I ran across something I need to fix:
the fact that the LDAP directory is searchable anonymously.  I'd really like
to use the qmail user's information to control who can access the LDAP
server (objectclass=qmailUser).  For example, my base dn is as follows:  dn:
dc=tbred, dc=com.  From Outlook 2000, I can enter this string as my base dn,
and search to my heart's content.

My question is this:  how can I change this to force users to authenticate
using the same username/password pair they use for mail?  How can I prevent
the rootdn from showing up in a search?

I've played a bit with the "access" commands in slapd.conf, but to no avail.
To my mind, the following should at least prevent the rootdn from being
displayed:

rootdn "cn=Manager, dc=tbred, dc=com"
access to dn="cn=Manager, dc=tbred, dc=com"
    by self write
    by * none

However, my search still turns up the Manager entry...

Help?

Jim McConnell

--
James K. McConnell (jkm@tbred.com)
Network Administrator
Phone: (732) 560-1377 x7732
Fax: (732) 560-1594
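
One way to express the two goals in the question (no anonymous searching, and a hidden Manager entry) as an added example that is not part of the original post. It assumes OpenLDAP 2.x slapd.conf syntax, that users bind with the DN of their own qmailUser entry, and that the mail password is stored in userPassword; the DNs are the ones quoted in the message.

```conf
# slapd.conf fragment (OpenLDAP 2.x syntax assumed). Added example, not the poster's config.
# Weak starting point: with no access directives slapd behaves like
#   access to * by * read
# which is why an anonymous client can browse dc=tbred,dc=com.

# Refuse anonymous binds, and require a successful bind before any
# search, compare or update is processed.
disallow bind_anon
require authc

rootdn "cn=Manager,dc=tbred,dc=com"

# ACLs are evaluated top to bottom; the first matching "access to" wins,
# so the narrow rules come before the catch-all.

# Password attribute: usable for the bind itself ("auth"), never readable.
# Assumption: mail passwords live in userPassword on each qmailUser entry.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Hide the Manager entry (if one exists in the database) from everyone
# but itself. The rootdn identity bypasses ACLs regardless.
access to dn.base="cn=Manager,dc=tbred,dc=com"
    by self write
    by * none

# Everything else: authenticated users may read, nobody else sees anything.
access to dn.subtree="dc=tbred,dc=com"
    by self write
    by users read
    by * none
```

After restarting slapd, an unauthenticated `ldapsearch -x -b "dc=tbred,dc=com"` should be refused, while the same search with `-D` set to a user's DN and `-W` should return entries.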