
Re: does back-sql bypass ACL ?



I've implemented openldap with sybase, and do not have these problems. I can't totally recall without looking at the code (maybe Kurt knows better), but the access attributes are controlled by the "core" part of openldap. I am using a slightly "older" openldap, but this is the schema I used:

access to attr=telephoneNumber
        by self read
        by anonymous auth
        by * none



--On Saturday, May 11, 2002 4:34 AM +0200 Frederic Saincy <freddy@lovelinux.org> wrote:


Hi all,

I have successfully installed a postgresql (7.2.1) backend to an
openldap (2.0.23) using iodbc (3.0.6) helped with the excellent howto
that you can find here:

http://www.samse.fr/GPL/ldap_pg/
(by the way, will these patches be integrated?)

Here is my problem:

in slapd.conf

# this works. (can't use LDAP to update the database)
# readonly on

# this works (anonymous doesn't get telephoneNumber)
access to attribute=telephoneNumber
        by  cn=root,=sql,c=RU
        by * none


# this DOES NOT WORK
# (even anonymous can add/delete entries, modify attributes... )
access to *
        by dn="cn=root,=sql,c=RU" write
        by * read


with ldbm, all works fine.

I have read this:

openldap-2.0.23/servers/slapd/back-sql/docs/*
http://www.openldap.org/faq/data/cache/378.html

I have searched here:

http://www.openldap.org/lists/openldap-software/
http://www.google.org/

But found no clue.

Are people using Oracle or MS SQL Server experiencing the same problems?
I can provide more information if needed.

Bye.
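
What slapd's first-match ACL evaluation should grant under rules shaped like the ones in this thread, as an added example (not code from either poster or from OpenLDAP). The evaluator is simplified: the DN `cn=admin,dc=example,dc=com` and the entry DNs are constructed placeholders, and `dn=` is compared as an exact string.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample in the style of the thread's slapd.conf; the DN is a placeholder.
SAMPLE = '''
access to attr=telephoneNumber
        by self read
        by anonymous auth
        by * none
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
'''

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    lines = [l for l in text.splitlines() if not l.startswith("#")]
    joined = re.sub(r"\n[ \t]+", " ", "\n".join(lines))  # fold continuation lines
    rules = []
    for line in joined.splitlines():
        tok = line.split()
        if tok[:2] == ["access", "to"]:
            by = [(tok[i + 1], tok[i + 2]) for i in range(3, len(tok) - 2, 3) if tok[i] == "by"]
            rules.append((tok[2], by))
    return rules

def what_matches(what, attr):
    if what == "*":
        return True
    key, _, names = what.partition("=")
    return key in ("attr", "attrs", "attribute") and attr.lower() in names.lower().split(",")

def who_matches(who, requester, target):
    r = (requester or "").lower()  # empty requester DN means an anonymous bind
    if who.startswith("dn="):  # simplification: exact, case-insensitive DN match
        return r != "" and r == who[3:].strip('"').lower()
    return {"*": True, "anonymous": r == "", "self": r != "" and r == target.lower()}.get(who, False)

def granted(rules, requester, target, attr):
    """First matching <what> wins, then first matching <who>; no match means none."""
    for what, by in rules:
        if what_matches(what, attr):
            return next((lvl for who, lvl in by if who_matches(who, requester, target)), "none")
    return "none"

def can(rules, requester, target, attr, need):
    return LEVELS.index(granted(rules, requester, target, attr)) >= LEVELS.index(need)
```

Comparing this expected result with what a test bind can actually do against each backend separates a mistake in the ACL text from a problem in the backend.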