[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group access



Yes.
I added userPasword attributes to my user records and it works!!

My lesson learnt:
When you bind (using -D), it always needs a password to authenticate. So
always have -[W|w].

Right?
My next question: ldappasswd lets me use a non "userPassword" token as the
password attribute name (using -a). In such a case, is it always possible
for me to assign "myPasswd" as the the password attribute name for all uses?
How would I tell the server to look for "myPasswd" when I do a
ldapsearch -D"...." -w "...."?

Thanks all,
Joe Sabu

----- Original Message -----
From: Eric Bréhier - SCI <eric.brehier@unilim.fr>
To: Joe Sabu <Joe.Sabu@dothill.com>; <openldap-software@OpenLDAP.org>
Sent: Tuesday, December 07, 1999 3:02 AM
Subject: Re: group access


> Hello,
>
> You've said :
> 1/ >ldapsearch -L -b "ou=accounts,dc=boxhill,dc=com" -D
>     >"uid=xxx,ou=accounts,dc=boxhill,dc=com" "(cn=*)".
>
> 2/  => acl_access_allowed: search access to value "any" by ""
>     ><= ldbm_back_group: "" not in
> "CN=ADMINDUDES,OU=ACCOUNTS,DC=BOXHILL,DC=COM":
>     >member
>     ><= acl_access_allowed: matched by clause #2 access denied
>
> 2/ tells you : "" not in "CN=ADMIN....." so your sign-in is "" because of
> 1/  lack of -W perhaps
>     -D is authenticated only with password provided so -W is needed
>
> Eric
>
> (---------------------------------------------------------------------)
> ( Eric Brehier - Service Commun Informatique     )
> ( Universite de Limoges - France                       )
> ( e-mail : eric.brehier@unilim.fr                         )
> (---------------------------------------------------------------------)
>