
RE: ACL troubles - please help



Ok, that makes complete sense.  
Thank you Boris.  It all started working once I allowed it to auth.
:)

-- 
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059


Quoting Boris Shpungin <bshpungin@d2k.com>:

> ACLs are evaluated top-down.  Your first ACL below denies anyone but root
> the ability to authenticate using password to any entry under
> dc=birddog,dc=com.  You need to either amend that first ACL entry or put
> one
> up above it.  For example, put above it an entry like:
> 
> access to dn="(.*,)*dc=birddog,dc=com" attr=userPassword
>  by anonymous auth
> 
> Also, you will need to enable "auth" access to the actual user entries that
> you want users to bind to for authentication.  This means that all other DN
> components leading up to the entry also have to allow "auth".  Looking at
> the example you provided, that shouldn't be a problem, since you allow
> "read" access to your user entries (and this includes "auth").
> 
> Hope this helps.
> -Boris
> 
> -----Original Message-----
> From: Terry Davis [mailto:tdavis@birddog.com]
> Sent: Wednesday, September 05, 2001 1:47 PM
> To: openldap-software@OpenLDAP.org
> Subject: ACL troubles - please help
> 
> 
> Hello,
> I would like to be able to authenticate out of
> "ou=People,dc=birddog,dc=com". 
> For some reason, the below does not work any ideas?  I have made for sure
> that
> the username and passwd are correct. uid=td cannot do anything at all.  
> 
> access to dn="(.*,)?dc=birddog,dc=com"
> attr=uid,userPassword,mailLocalAddress,mailRoutingAddress,mailHost,shadowMax
> ,shadowWarning,shadowLastChange,loginShell,uidNumber,gidNumber,homeDirectory
> ,gecos
>                 by dn="cn=root,dc=birddog,dc=com" write
>                 by * none
> access to dn="(.*,)?ou=td,ou=AddressBooks,dc=birddog,dc=com"
>                 by dn="uid=td,ou=People,dc=birddog,dc=com" write
>                 by * none
> access to *
>                 by * read
> 
> 
> Thank you!
> 
> -- 
> Terry Davis
> Systems Administrator
> BirdDog Solutions, Inc.
> (402) 829-6059
> 
> 
> 
> 
> 
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
> 
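To make the top-down evaluation Boris describes concrete, the following is a small Python model of how slapd walks `access to ... by ...` directives. It is an added illustration, not code from this thread and not OpenLDAP's own ACL engine. It assumes a simplified subset of the slapd.conf syntax (the `dn=<regex>`, `attr=`, `*`, `anonymous`, `users`, `self` and `dn="..."` forms seen above), anchors the DN regex at both ends, ignores slapd's rootdn bypass, and uses configurations constructed from the posted examples with the attribute list trimmed. Besides reproducing the failed bind and Boris's fix, it shows two things a reviewer would check: the same directive placed after the original one is never reached, and Boris's minimal directive, taken literally as the only clause on `userPassword`, leaves `cn=root` with no write access to passwords unless `cn=root` is the rootdn.

```python
"""Toy model of slapd ACL evaluation (added example, not OpenLDAP code).
Assumptions: DN regexes are anchored, rootdn bypass is ignored, and only the
directive forms used in the thread are supported."""
import re

# Access levels in increasing order (OpenLDAP 2.0-era set). A clause granting
# level X also satisfies any lower requirement, which is why "read" on an
# entry implies "auth" on it, as Boris notes.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def level_ok(granted, required):
    return LEVELS.index(granted) >= LEVELS.index(required)


def parse_acl(conf):
    """Turn 'access to <target> by <who> <level> ...' stanzas into
    (dn_regex, attrs_or_None, [(who, level), ...]) tuples, in file order."""
    rules = []
    for stanza in re.split(r"(?m)^access to\s+", conf.strip()):
        stanza = " ".join(stanza.split())  # join wrapped continuation lines
        if not stanza:
            continue
        target, *clauses = re.split(r"\s+by\s+", stanza)
        m = re.fullmatch(r'(?:dn="([^"]*)"|\*)(?:\s+attr=(\S+))?', target)
        if m is None:
            raise ValueError(f"unsupported target: {target}")
        dn_re = m.group(1) if m.group(1) is not None else ".*"
        attrs = set(m.group(2).split(",")) if m.group(2) else None
        bys = [tuple(c.rsplit(" ", 1)) for c in clauses]  # (who, level)
        rules.append((dn_re, attrs, bys))
    return rules


def who_matches(who, requester, target_dn):
    """requester is None for an anonymous (not yet bound) client."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    m = re.fullmatch(r'dn="([^"]*)"', who)
    if m:
        return requester is not None and requester.lower() == m.group(1).lower()
    raise ValueError(f"unsupported by clause: {who}")


def granted_level(rules, requester, target_dn, attr):
    """The first directive whose target matches decides; inside it the first
    matching 'by' clause decides, and an implicit 'by * none' closes every
    directive. attr=None means access to the entry itself."""
    for dn_re, attrs, bys in rules:
        if not re.fullmatch(dn_re, target_dn):
            continue
        if attrs is not None and attr not in attrs:
            continue
        for who, level in bys:
            if who_matches(who, requester, target_dn):
                return level
        return "none"
    return "none"  # nothing matched: slapd denies by default


def check_access(rules, requester, target_dn, attr, required):
    return level_ok(granted_level(rules, requester, target_dn, attr), required)


def simple_bind_allowed(rules, bind_dn):
    """A simple bind runs as anonymous (no identity yet) and needs 'auth'
    access to the userPassword attribute of the entry being bound to."""
    return check_access(rules, None, bind_dn, "userPassword", "auth")


TD = "uid=td,ou=People,dc=birddog,dc=com"
ROOT = "cn=root,dc=birddog,dc=com"

# Constructed from Terry's posted configuration, attribute list trimmed.
ORIGINAL = """
access to dn="(.*,)?dc=birddog,dc=com" attr=uid,userPassword,loginShell,homeDirectory
        by dn="cn=root,dc=birddog,dc=com" write
        by * none
access to dn="(.*,)?ou=td,ou=AddressBooks,dc=birddog,dc=com"
        by dn="uid=td,ou=People,dc=birddog,dc=com" write
        by * none
access to *
        by * read
"""

# Boris's directive, placed first as he suggests.
FIX_FIRST = """
access to dn="(.*,)*dc=birddog,dc=com" attr=userPassword
        by anonymous auth
""" + ORIGINAL

# The same directive placed after the original one: it is never reached.
FIX_MISPLACED = ORIGINAL + """
access to dn="(.*,)*dc=birddog,dc=com" attr=userPassword
        by anonymous auth
"""

# Boris's directive extended so cn=root keeps its write access to passwords
# (needed if cn=root is an ordinary entry rather than slapd's rootdn).
FIX_COMPLETE = """
access to dn="(.*,)*dc=birddog,dc=com" attr=userPassword
        by anonymous auth
        by dn="cn=root,dc=birddog,dc=com" write
        by * none
""" + ORIGINAL

if __name__ == "__main__":
    for name, conf in [("original", ORIGINAL), ("fix first", FIX_FIRST),
                       ("fix misplaced", FIX_MISPLACED), ("fix complete", FIX_COMPLETE)]:
        rules = parse_acl(conf)
        print(f"{name:14s} bind as uid=td: {simple_bind_allowed(rules, TD)}, "
              f"cn=root on userPassword: {granted_level(rules, ROOT, TD, 'userPassword')}")
```

Running it prints that the original configuration denies the bind, the misplaced copy of the fix still denies it, and both the first-placed and the complete variants allow it; only the complete variant keeps `write` for `cn=root`. Note also that `by anonymous auth` grants exactly `auth`, so anonymous clients still cannot read the password hashes.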