Re: LDAP access question

[Frank Swasey <Frank.Swasey@uvm.edu>]

Today at 2:31pm, Tony Earnshaw wrote:

> fre, 2002-08-23 kl. 13:39 skrev Frank Swasey:
>
> > I use the following and anonymous searches do not return objectclass...
> > I don't understand why people are having a problem with this.
>
> > access to attrs=objectClass
> >         by dn="cn=IAmYourGodAndIWillDoWhatIWant,dc=example,dc=com" write
> >         by self read
> >         by * search
>
> > With "by * none" a lot of default filters "(objectclass=*)" fail....
>
> There just has to be one out of three possible explanations for your
> findings:
>
> 1: - The most likely - you are frightening the thing to death with your
> DN and it doesn't dare to do otherwise;

That's probably it... or it's to early for me to obfuscate with
delicateness :)

> 2: You are using a very old version of Openldap;

Is 2.0.23 that old?

> 3: Your app just doesn't show you objectCasses. Like Mozilla 1.0 for
> example.

% ldapsearch -x -LLL netid=fcs objectclass
dn: uid=fcs,ou=People,dc=uvm,dc=edu

Hmm, it works for me....

> Surely you realise that someone like Adam Morrison wouldn't just say
> what he does for fun? Nor yet I and others experience what we do?

I realise it.  I just don't understand why it works for me and not
anyone else....

If I offended anyone, I will apologize and blame the causticness of my
response on the early hour, the poor night's sleep, and a complete lack
of caffeine at the time I wrote it.

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===