[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLs for the root DSE

To: openldap-software@OpenLDAP.org
Subject: ACLs for the root DSE
From: "Mark H. Wood" <mwood@IUPUI.Edu>
Date: Wed, 4 Apr 2001 11:32:24 -0500 (EST)

How do I write an ACL that matches only the root DSE?  What I'm after is
to grant access to the attributes such as supportedSASLMechanisms and
namingContexts.  Without it, e.g. ldapsearch can't negotiate a SASL
mechanism because until it's bound it has no access to the mechanisms
list.  (I've denied unauthenticated access to everything, and now I want
an exception for these attributes.)

(In case it helps, this is what could be happening when the sample SASL
client and server work, but ldapsearch fails in ldap_sasl_bind_s if you
omit -Y but works if you provide '-Y asupportedmechanism'.)

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Make a good day.

Prev by Date: 2.0.8? Release schedule?
Next by Date: Undocumented access control stuff?
Index(es):
- Chronological
- Thread