[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: access
I try to connect with ud with my access set to the below I get :
* bind Chiodi
Authenticating to the directory as "JT Chiodi"...
Enter your LDAP password:
Enter your LDAP password:
Authentication successful.
access to dn=".*,ou=Roaming,dc=amsite,dc=com" by dnattr=owner write
access to attr=userpassword
by self write
by * none
access to attr=uid,ou,sn,givenname,objectclass
by self read
by * search
access to dn=".*,dc=amsite,dc=com"
by dn=".*,dc=amsite,dc=com" read
by * read
And I can bind. note the last line above. If I change that from
by * read to by * none and try to bind in ud I get the following:
* bind Chiodi
I could not find "Chiodi" in the Directory.
I used a search base of amsite, com
Of course with by * read set I can browse my ldap directory without
authenticating.
> squeegy+ldap@squeegy.org wrote:
> >
> > Hi,
> >
> > I have restricted access to my ldap server, now how do authenticate?
> > does LDAP hit the /etc/passwd file authentication? So far i have
>
> No. LDAP uses its own authentication to control access. The access is
> based upon Access Control Lists.
>
> For the simplest possible setup, keep the rootpw in slapd.conf the
> default "secret".
>
> Then bind to the directory as the manager (whatever you made the rootdn
> entry).
>
> Then try to modify an entry from ud:
>
> * cb o=Williams Communications, c=US
>
> * bind Manager
> Authenticating to the directory as "Manager"...
> Enter your LDAP password: *********
> Authentication successful.
>
> * vedit David
>
> ...
>
> It should work for you.
>
> As far as making the driectory editable by users try this: (Warning I
> don't really know how (in)secure this is in your slapd.conf:
>
> defaultaccess read
> access to * by self write
> by dn="cn=Manager, ou=SAM, o=Concentric Network, c=US" write
>
> These should be the last line in your slapd.conf (or before a second
> database definition...
>
> If you need more help with ACL's check the documentation (SLAPD/SLURPD
> Admin guid) there are some examples in there.
>
> Hope that helps...
>
> David
>
> > seen
> > unable to access my ldap server since restricting it. Thanks for the
> > help.
> >
> > > squeegy+ldap@squeegy.org schrieb:
> > > >
> > > > Hi,
> > > >
> > > > Thanks to the help I have gotten here, I have
> > > > built my directory. I want this directory to be used only by
> > > > those inside the company. How do I password protect the
> > directory
> > > > and disable anonymous searches?
> >
> > ___________________
> >
> > Jt "The Squeegy" Chiodi
> >
> > http://www.squeegy.org/
> > squeegy@squeegy.org
>
___________________
Jt "The Squeegy" Chiodi
http://www.squeegy.org/
squeegy@squeegy.org
- References:
- Re: access
- From: David Buttrick <david.buttrick@wilcom.com>