
Re: ACL configuration in openldap 1.2.11



I tried adding "by dn=".*" auth" and restarting slapd.  It complained about
that line.  I changed it to "by * auth" and it complained about that line too.

 # access control list stuff
 defaultaccess read
 access to *
        by self write
> 
> Patrick Timmons <ptimmons@courriel.polymtl.ca> said:
> 
> > again, it's attrs not attr.
> > Curious I didn't see the anonymous. Normally it's coded as 'by * auth' or I
> > think 'by dn=".*" auth' is equivalent but not sure.
> > 
> > Joseph Hoot wrote:
> > > 
> > > the logs were complaining about "by anonymous."  I commented that out and
> > > it runs.  However, my user can't change the password with the following:
> > > 
> > >  ldappasswd -t uid=jhoot,ou=people,dc=nowcom,dc=com -H md5
> > > 
> > > with the below access rules, my user jhoot should be able to change his
> > > password right?
> > > 
> > > Joseph Hoot <joe@networkpenguin.com> said:
> > > 
> > > > I am trying to get acl stuff working in 1.2.11 and have entered a simple
> > > > acl in my /etc/openldap/slapd.conf.  Here it is:
> > > >
> > > > # access control list stuff
> > > > defaultaccess read
> > > > access to attr=userPassword
> > > >        by self write
> > > >        by anonymous auth
> > > >        by dn="cn=Admin,dc=nowcom,dc=com" write
> > > >
> > > > when I restart slapd with /etc/rc.d/init.d/ldap restart  it starts and dies
> > > > immediately.  Any thoughts on why it's dying?
> > > >
> > > > --
> > > > Joseph Hoot
> > > > System Administrator
> > > > http://www.networkpenguin.com
> > > > joe@networkpenguin.com