Re: AW: PAM-Authentication / ACL
I think it is not a problem with the access to userPassword. When trying "su username" the error message is "unknown id: username".
> Hello,
>
> What does not work?
> In fact I had similar problems (Solaris 2.6, openldap 2.1.2) which were solved as soon as I wrote "access" statements in one line! Try
>
> access to attr=userPassword by self write by anonymous auth by dn="cn=Manager,dc=mrball,dc=net" write by * none
>
> instead of
>
> access to attr=userPassword
> by self write
> by anonymous auth
> by dn="cn=Manager,dc=mrball,dc=net" write
> by * none
>
> Cheers, Vadim Tarassov.
>
> -----Original Message-----
> From: Jan-Philipp Mayer [mailto:newsgroups@mayersnet.de]
> Sent: Friday, 30 August 2002 10:14
> To: openldap-software@OpenLDAP.org
> Subject: PAM-Authentication / ACL
>
>
> Hello,
>
> I am trying to write an ACL for my OpenLDAP 2.0.25 installation. I want to allow users to log in using PAM. Authenticated users may read some, but not all, attributes; anonymous users should not be able to see any entry of the directory at all. I cannot figure out which attributes must be readable in order to allow PAM to authenticate. In my pam_ldap.conf it says:
> ---------------
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> ---------------
>
> If I set my ACL to "access to * by * read" it works but with
>
> access to attr=userPassword
> by self write
> by anonymous auth
> by dn="cn=Manager,dc=mrball,dc=net" write
> by * none
> access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
> by anonymous read
> by * read
> access to *
> by self read
> by users read
> by anonymous auth
>
> it does not.
>
> Could anyone help me with this?
>
>
> Thank you in advance,
>
> Jan-Philipp Mayer
>
>
>
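The rule set quoted above can be checked offline before it is loaded into slapd. The following evaluator is an added example and is not code from this thread or from the OpenLDAP project; it models the documented ACL semantics (the first "access to" directive matching the attribute decides, within it the first matching "by" clause decides, a granted level implies every weaker one) and applies them to the posted rules. Modelling choices that are assumptions: only "*" and "attr=" targets are handled, dn="..." is compared as an exact DN, and "no directive matches" is treated as deny. The user and Manager DNs are constructed for the demonstration.

```python
import re
import shlex

# OpenLDAP access levels, weakest to strongest; a granted level implies every lower one.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def parse_acls(text):
    """Parse slapd.conf 'access to <what> by <who> <level> ...' directives.
    slapd.conf treats a line that begins with whitespace as a continuation of the
    previous line, so the indented multi-line and one-line forms yield the same rules."""
    directives = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    acls = []
    for d in directives:
        tokens = shlex.split(d)  # also strips the quotes around dn="..."
        if tokens[:2] != ["access", "to"]:
            raise ValueError("not an access directive: " + d)
        clauses, rest = [], tokens[3:]
        while rest:  # every "by" takes exactly a subject and an access level
            if rest[0] != "by" or len(rest) < 3:
                raise ValueError("malformed by-clause in: " + d)
            clauses.append((rest[1], rest[2]))
            rest = rest[3:]
        acls.append((tokens[2], clauses))
    return acls

def _what_matches(what, attr):
    # '*' matches everything; 'attr=a,b' (or 'attrs=') matches the listed names. DN targets are not modelled (assumption).
    if what == "*":
        return True
    m = re.match(r"attrs?=(.+)$", what)
    return bool(m) and attr.lower() in [a.strip().lower() for a in m.group(1).split(",")]

def _who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous bind; dn=... is compared as an exact DN (assumption)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and who[3:].lower() == bound_dn.lower()
    raise ValueError("unsupported subject: " + who)

def granted_level(acls, bound_dn, target_dn, attr, default="none"):
    """First matching directive decides; within it the first matching 'by' clause decides,
    and a directive with no matching clause yields 'none'. `default` is the modelled
    outcome when no directive matches at all (assumption: check your slapd version)."""
    for what, clauses in acls:
        if _what_matches(what, attr):
            for who, level in clauses:
                if _who_matches(who, bound_dn, target_dn):
                    return level
            return "none"
    return default

def allowed(acls, bound_dn, target_dn, attr, needed):
    # True if the granted level is at least `needed` (e.g. 'auth' for a simple bind).
    return LEVELS.index(granted_level(acls, bound_dn, target_dn, attr)) >= LEVELS.index(needed)

# The rules from the original post, continuation lines indented as slapd.conf requires.
POSTED_ACL = """
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=mrball,dc=net" write
    by * none
access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
    by anonymous read
    by * read
access to *
    by self read
    by users read
    by anonymous auth
"""

def report(acl_text=POSTED_ACL):
    """Evaluate the rules for an anonymous bind (what an NSS/PAM client without a
    binddn uses), for the user's own bind, and for the Manager DN."""
    acls = parse_acls(acl_text)
    user, mgr = "uid=jdoe,ou=People,dc=mrball,dc=net", "cn=Manager,dc=mrball,dc=net"  # constructed
    return {
        "anonymous reads uid": allowed(acls, None, user, "uid", "read"),
        "anonymous reads homeDirectory": allowed(acls, None, user, "homeDirectory", "read"),
        "anonymous auth on userPassword": allowed(acls, None, user, "userPassword", "auth"),
        "self reads homeDirectory": allowed(acls, user, user, "homeDirectory", "read"),
        "self writes userPassword": allowed(acls, user, user, "userPassword", "write"),
        "manager writes userPassword": allowed(acls, mgr, user, "userPassword", "write"),
    }

if __name__ == "__main__":
    for check, ok in report().items():
        print(f"{check:32} {'allowed' if ok else 'denied'}")
```

Running `report()` shows the shape of the posted policy: an anonymous bind may read the attributes listed in the second directive and may only authenticate against userPassword, while every attribute not listed there (homeDirectory, for instance) falls through to the final "access to *" directive, where anonymous gets "auth" only. Whether a given NSS/PAM client needs more than that depends on the attributes it requests, which is exactly the question the thread is asking; the evaluator makes it possible to answer it per attribute instead of by trial and error, and to confirm that userPassword is never readable by anyone but the entry itself and the Manager DN.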