Hi folks,

I'm trying to understand how the access control mechanisms in openldap work, and, I admit, I'm confused. Trawling the mailing list archives didn't help any, and the FAQ left me more confused.

I'm looking at http://www.openldap.org/doc/admin/slapdconfig.html section 5.3 (Access Control) at the moment, and some things I don't follow.

There's a table in section 5.3.2, "Access Entity Specifiers"

+---------------------------------------------------------------+
| Specifier  | Entities                                         |
|------------+--------------------------------------------------|
| *          | All, including anonymous and authenticated users |
|------------+--------------------------------------------------|
| anonymous  | Anonymous (non-authenticated) users              |
|------------+--------------------------------------------------|
| users      | Authenticated users                              |
|------------+--------------------------------------------------|
| self       | User associated with target entry                |
|------------+--------------------------------------------------|
| dn=<regex> | Users matching regular expression                |
+---------------------------------------------------------------+

"*" and "anonymous" I understand.

"users" doesn't make sense. It says "Authenticated users", but I can't see anywhere in the documentation where it explains how a user is supposed to authenticate themselves.

"self" doesn't make sense either. How is a 'user' associated with a 'target entry'?

The specific situation I'm trying to create is one where I have a directory structure that's like this:

o dc=example,dc=com
|
+--o cn=Manager,dc=example,dc=com
|
+--o ou=users,dc=example,dc=com
   |
   +--o uid=nik,ou=users,dc=example,dc=com
   |  +- userPassword: foo
   |  +- homeDirectory: /home/nik
   |  +- ...
   |
   +--o uid=mark,ou=users,dc=example,dc=com
   |  +- userPassword: bar
   |  +- homeDirectory: /home/mark
   |  +- ...
:  :

such that people can browse the directory, using their uid and password (which should be encrypted in the directory).

Any pointers gratefully received. I'll cheerfully write up my experiences for the FAQ.

N
--
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---