[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Short question on access-rights

To: "Harry Rüter" <harry_rueter@gmx.de>
Subject: Re: Short question on access-rights
From: "Pierangelo Masarati" <masarati@aero.polimi.it>
Date: Wed, 31 Jul 2002 09:57:02 +0000
Cc: "OpenLDAP-software@OpenLDAP.org" <OpenLDAP-software@OpenLDAP.org>
In-reply-to: <3D478C5C.8E65997E@gmx.de>
References: <3D478C5C.8E65997E@gmx.de>

Harry Rüter writes:

Hi everybody,

i'm a little unsure about how to configure access-rights for authentication.

There are two kinds of entries that are needd for authentication :

1) id (uid,cn,..) 2) password (userPassword,lmPassword,ntPassword,...)

Which access-right do i have to set for authetication ? Would the following be correct ? Are there differences between v2.1.x and v2.0.x ?
----snipp----
access to attr=uid,cn
   by anonymous auth
   by * none

These need at least search permission, if all you have to do is authentication (e.g. search for the DN corresponding to some uid/cn; then try a bind for that DN with the given creds).


access to attr=userPassword,lmPassword,ntPassword
   by anonymous auth
   by * none

This is fine if nobody needs to be able to change creds.

----snipp----

greets Harry

Dr. Pierangelo Masarati | voice: +39 02 2399 8309 Dip. Ing. Aerospaziale | fax: +39 02 2399 8334 Politecnico di Milano | mailto:pierangelo.masarati@polimi.it via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati

References:
- Short question on access-rights
  - From: Harry Rüter <harry_rueter@gmx.de>

Prev by Date: Re: question about how to enforce directory tree structure
Next by Date: Re: * not working in search
Index(es):
- Chronological
- Thread