Re: Searching the LDAP Database?
Hi Jim,
An undocumented "feature" of the slapd.conf file is
that the "access to" command takes spaces if you continue
on a newline. So where you have
access to dn="cn=Manager, dc=tbred, dc=com"
by self write
by * none
you probably want
access to dn="cn=Manager, dc=tbred, dc=com"
        by self write
        by * none
This detail isn't documented anywhere in either U-M's docs,
or (last I looked, which was a while ago) in the OpenLDAP
docs.
Also, make sure you have
defaultaccess none
to deny any access that's not explicitly given in slapd.conf
access to directives.
Theoretically, that should be all you need; try it and see.
--Keith
kkeller@sirius.com
Jim McConnell wrote:
[snip]
> My question is this: how can I change this to force users to authenticate
> using the same username/password pair they use for mail? How can I prevent
> the rootdn from showing up in a search?
>
> I've played a bit with the "access" commands in slapd.conf, but to no avail.
> To my mind, the following should at least prevent the rootdn from being
> displayed:
>
> rootdn "cn=Manager, dc=tbred, dc=com"
> access to dn="cn=Manager, dc=tbred, dc=com"
> by self write
> by * none
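
An added example, not part of the original message or of OpenLDAP: a small Python check for the two points in the reply above, namely that "by" clauses must sit on whitespace-indented continuation lines and that "defaultaccess none" is present. The function names and both sample configs are constructed for illustration, and the tokenizing is simplified (whitespace split, no quoted-string handling).

```python
# Constructed sample: the un-indented form quoted in the thread.
BROKEN = '''rootdn "cn=Manager, dc=tbred, dc=com"
access to dn="cn=Manager, dc=tbred, dc=com"
by self write
by * none
'''

# Constructed sample: continuation lines indented, plus defaultaccess none.
FIXED = '''defaultaccess none
rootdn "cn=Manager, dc=tbred, dc=com"
access to dn="cn=Manager, dc=tbred, dc=com"
        by self write
        by * none
'''

def logical_lines(text):
    """Join physical lines into directives: a line that starts with
    whitespace continues the previous one. Yields (first_line_no, text)."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield start, current
            current, start = raw.strip(), no
    if current is not None:
        yield start, current

def lint(text):
    """Return a list of findings for a slapd.conf-style text."""
    findings, default_none = [], False
    for no, line in logical_lines(text):
        words = line.split()
        kw = words[0].lower()
        if kw == "by":
            findings.append(f"line {no}: 'by' starts in column 0, not attached to an 'access to'")
        elif kw == "access" and "by" not in words:
            findings.append(f"line {no}: 'access to' has no 'by' clauses")
        elif kw == "defaultaccess":
            default_none = words[1:2] == ["none"]
    if not default_none:
        findings.append("no 'defaultaccess none' directive")
    return findings
```

Running lint() on a config before restarting slapd shows whether an ACL that looks right on screen is actually parsed as one directive.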