Thus spake Alexander Brinkman:
> Here I go again :)
>
> Everything with SASL and openLDAP is working now, except for the ACLs (I
> think). I understand that there is no direct relationship between SASL users
> (in Kerberos or SASLdb) and LDAP users (uid=xxx,ou=People,dc=domain,dc=org
> for instance). But in that case: what's the point of authentication with
> SASL?

I'd like to know the answer to this question too... I've so far avoided
using SASL because I haven't taken the time to understand it.

> I was pointed out that it could depend on my ACLs what users would get when
> they're connecting with SASL, but I can't find good references to this.
>
> When I do:
> access to attr=userPassword
>         by dn=".+" write
> it works (openldap knows that SASL users are authenticated), but when I do:
> access to attr=userPassword
>         by self write
> then it doesn't work. Is there a way to get this working?

You need to be able to first bind anonymously, so you need to make it:

access to attr=userPassword
        by self write
        by anonymous auth

Wil
-- 
W. Reilly Cooley                             wcooley@nakedape.cc
Naked Ape Consulting                         http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and   http://lnxs.org
people who take care of them.  *Now with integrated crypto!*
irc.openprojects.net #lnxs
"I go on working for the same reason a hen goes on laying eggs."
 - H. L. Mencken
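A simplified model of how the three `<by>` lists quoted in this thread are evaluated for different requesters, added here as an illustration and not part of either poster's message or of OpenLDAP's code. The sample identities, and in particular the shape of the unmapped SASL bind DN, are assumptions.

```python
import re

# slapd access levels, lowest to highest.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed identities (assumptions, not taken from the thread).
ENTRY_DN = "uid=alice,ou=People,dc=domain,dc=org"   # entry being modified
OTHER_DN = "uid=bob,ou=People,dc=domain,dc=org"     # a different directory user
SASL_DN = "uid=alice,cn=GSSAPI,cn=auth"             # assumed unmapped SASL bind DN
ANONYMOUS = ""                                       # no bind DN

# The three <by> lists quoted in the thread for "access to attr=userPassword".
ACL_DN_REGEX = [('dn=".+"', "write")]
ACL_SELF = [("self", "write")]
ACL_SELF_ANON = [("self", "write"), ("anonymous", "auth")]


def who_matches(who, bound_dn, entry_dn):
    """Return True if a <who> clause selects the requester."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn == ""
    if who == "self":
        # "self" means the bound DN is the DN of the entry being accessed.
        return bound_dn != "" and bound_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="(.*)"', who)
    if m:
        # Old-style dn= clause: a regular expression tested against the bound DN.
        return re.search(m.group(1), bound_dn, re.IGNORECASE) is not None
    raise ValueError(f"unsupported <who> clause: {who}")


def granted(acl, bound_dn, entry_dn=ENTRY_DN):
    """First matching <by> clause wins; slapd ends every list with 'by * none'."""
    for who, level in acl + [("*", "none")]:
        if who_matches(who, bound_dn, entry_dn):
            return level


def allowed(acl, bound_dn, needed, entry_dn=ENTRY_DN):
    """True if the requester's granted level is at least `needed`."""
    return LEVELS.index(granted(acl, bound_dn, entry_dn)) >= LEVELS.index(needed)


if __name__ == "__main__":
    for name, acl in [("dn regex", ACL_DN_REGEX), ("self", ACL_SELF),
                      ("self+anon", ACL_SELF_ANON)]:
        for label, dn in [("anonymous", ANONYMOUS), ("entry owner", ENTRY_DN),
                          ("other user", OTHER_DN), ("SASL id", SASL_DN)]:
            print(f"{name:10} {label:12} -> {granted(acl, dn)}")
```

In this model `by dn=".+" write` gives every authenticated identity write access to every entry's userPassword, while `by self` matches only when the bound DN is the entry's own DN.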