[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: group access
Yes.
I added userPasword attributes to my user records and it works!!
My lesson learnt:
When you bind (using -D), it always needs a password to authenticate. So
always have -[W|w].
Right?
My next question: ldappasswd lets me use a non "userPassword" token as the
password attribute name (using -a). In such a case, is it always possible
for me to assign "myPasswd" as the the password attribute name for all uses?
How would I tell the server to look for "myPasswd" when I do a
ldapsearch -D"...." -w "...."?
Thanks all,
Joe Sabu
----- Original Message -----
From: Eric Bréhier - SCI <eric.brehier@unilim.fr>
To: Joe Sabu <Joe.Sabu@dothill.com>; <openldap-software@OpenLDAP.org>
Sent: Tuesday, December 07, 1999 3:02 AM
Subject: Re: group access
> Hello,
>
> You've said :
> 1/ >ldapsearch -L -b "ou=accounts,dc=boxhill,dc=com" -D
> >"uid=xxx,ou=accounts,dc=boxhill,dc=com" "(cn=*)".
>
> 2/ => acl_access_allowed: search access to value "any" by ""
> ><= ldbm_back_group: "" not in
> "CN=ADMINDUDES,OU=ACCOUNTS,DC=BOXHILL,DC=COM":
> >member
> ><= acl_access_allowed: matched by clause #2 access denied
>
> 2/ tells you : "" not in "CN=ADMIN....." so your sign-in is "" because of
> 1/ lack of -W perhaps
> -D is authenticated only with password provided so -W is needed
>
> Eric
>
> (---------------------------------------------------------------------)
> ( Eric Brehier - Service Commun Informatique )
> ( Universite de Limoges - France )
> ( e-mail : eric.brehier@unilim.fr )
> (---------------------------------------------------------------------)
>