Hello,

I try to write an ACL for my OpenLDAP 2.0.25 installation. I want to allow users to log in using PAM. Authenticated users may read some, not all, attributes; anonymous users should not be able to see any entry of the directory at all. I cannot figure out which attributes must be readable in order to allow PAM to authenticate.

In my pam_ldap.conf it says:

---------------
pam_filter objectclass=posixAccount
pam_login_attribute uid
---------------

If I set my ACL to "access to * by * read" it works, but with

    access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Manager,dc=mrball,dc=net" write
        by * none

    access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
        by anonymous read
        by * read

    access to *
        by self read
        by users read
        by anonymous auth

it does not.

Could anyone help me with this?

Thank you in advance,
Jan-Philipp Mayer
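To reason about a slapd.conf ACL like the one above, it helps to model the two rules slapd applies: the first "access to" directive whose target covers the attribute is selected, and within it the first "by" clause whose subject matches decides the privilege (with an implicit "by * none" at the end). The following is an added example, not code from the post or from OpenLDAP; it parses the three directives quoted above, assumes the slapd.access(5) privilege order none < auth < compare < search < read < write, ignores dn-based targets and the special role of the entry pseudo-attribute, and uses a constructed user DN.

```python
import re

# Privilege levels in slapd.access(5) order; a higher level implies all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The three directives from the post, re-pasted verbatim (attribute names included).
POSTED_ACL = """
access to attr=userPassword by self write by anonymous auth by dn="cn=Manager,dc=mrball,dc=net" write by * none
access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid by anonymous read by * read
access to * by self read by users read by anonymous auth
"""

def parse_acl(text):
    """Return [(attribute set or None for '*', [(who, level), ...])] in directive order."""
    rules = []
    for line in text.strip().splitlines():
        target, clauses = re.match(r"access to (\S+)\s+(by .*)$", line).groups()
        attrs = None if target == "*" else {a.lower() for a in target[len("attr="):].split(",")}
        by = re.findall(r'by (self|anonymous|users|\*|dn="[^"]*") (\w+)', clauses)
        rules.append((attrs, by))
    return rules

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous connection."""
    if who == "*": return True
    if who == "anonymous": return bound_dn is None
    if bound_dn is None: return False                 # every other subject needs a bind
    if who == "users": return True
    if who == "self": return bound_dn.lower() == entry_dn.lower()
    return who[4:-1].lower() == bound_dn.lower()      # dn="..." exact match

def privilege(rules, attr, bound_dn, entry_dn):
    """First directive covering attr wins; then the first matching by clause."""
    for attrs, by in rules:
        if attrs is None or attr.lower() in attrs:
            for who, level in by:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"                             # implicit trailing "by * none"
    return "none"

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

def pam_search_then_bind(rules, user_dn="uid=jdoe,ou=People,dc=mrball,dc=net"):
    """The two operations pam_ldap performs with the posted pam_filter/pam_login_attribute:
    an anonymous search on objectClass and uid, then a bind needing auth on userPassword."""
    search_ok = all(allows(privilege(rules, a, None, user_dn), "search") for a in ("objectClass", "uid"))
    bind_ok = allows(privilege(rules, "userPassword", None, user_dn), "auth")
    return search_ok, bind_ok
```

Under this model anonymous already holds read on uid and objectClass and auth on userPassword; what the model does not check (entry-level access and the exact attribute syntax) is visible on the real server by running slapd with -d 128, which logs each ACL decision.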