ACL's & slapd
Okie,
After reading slapd.access several times, I'm completely lost on how I
could do something that seems quite simple, but in practice is not working
at all, especially when SASL is added in:
If I have:

    access to dn=""
        by * read
    access to attrs=suKrb5Name
        by * search
    access to *
        by dn="suRegID=<my regid>, cn=people,dc=stanford,dc=edu" read

I can't see suKrb5Name in the output when I do an ldapsearch. Note that
I'm doing SASL authentication, so it needs search on suKrb5Name to do the
saslregexp to authenticate me. If I do

    access to attrs=suKrb5Name
        by * search break

It then overwrites the access with the by dn="suRegID=...." read, and then
can no longer authenticate me. Shouldn't there be some way to make access
to * truly be access to everything, regardless of the preceding ACLs?
--Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
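
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd walks the access clauses quoted above (the first matching "access to" wins, the first matching "by" wins, every clause ends with an implicit "by * none stop", and "break" hands evaluation to the next matching clause). The REORDERED rule set is a constructed variant and the model's scope (level-style privileges, "*" or exact-DN matching only) is an assumption.

```python
# Simplified model of slapd's ACL walk, for illustration only.
# Assumptions: level-style privileges, "*" or exact-DN <who> matching,
# "stop"/"break" controls; no regex, groups or "continue".
USER = "suRegID=<my regid>, cn=people,dc=stanford,dc=edu"  # DN as written in the post
ANON = ""  # anonymous identity, as used while the SASL mapping is being resolved

def what_matches(what, entry_dn, attr):
    kind, value = what
    if kind == "all":                       # access to *
        return True
    if kind == "dn":                        # access to dn="...", modelled as exact match
        return entry_dn == value
    return attr.lower() == value.lower()    # access to attrs=...

def evaluate(acl, requester, entry_dn, attr):
    """Return the level granted on one attribute of one entry."""
    level = "none"
    for what, by_list in acl:
        if not what_matches(what, entry_dn, attr):
            continue
        # Every clause ends with an implicit "by * none stop".
        for who, level, control in by_list + [("*", "none", "stop")]:
            if who in ("*", requester):
                break
        if control == "stop":
            return level
        # "break": fall through to the next matching "access to" clause,
        # whose own "by" list then replaces the level granted so far.
    return level

def build(attr_clause):
    return [(("dn", ""), [("*", "read", "stop")]),
            (("attrs", "suKrb5Name"), attr_clause),
            (("all", None), [(USER, "read", "stop")])]

AS_POSTED = build([("*", "search", "stop")])
WITH_BREAK = build([("*", "search", "break")])
# Constructed variant (not from the message): name the DN inside the attrs clause.
REORDERED = build([(USER, "read", "stop"), ("*", "search", "stop")])

def levels(acl, attr="suKrb5Name"):
    """(anonymous, USER) access to attr on USER's own entry."""
    return tuple(evaluate(acl, who, USER, attr) for who in (ANON, USER))

if __name__ == "__main__":
    for name, acl in [("as posted", AS_POSTED), ("with break", WITH_BREAK),
                      ("reordered", REORDERED)]:
        print(name, levels(acl))
```

slapd returns an attribute's value in search results only at "read" or higher; "search" only lets the attribute be used in a filter, which is why the two levels behave differently here.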