[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: BIND with empty password



Hi,

Thanks for your answer, now another question regarding your access rules,
in your second access rule why do I need the following by:

by anonymous auth

?

Regards
Marc



                                                                                                                                               
                                                                                                                                               
                    Tony Earnshaw        To:     marc.bigler@day.com                                                                           
                    <tonni@billy.d       cc:     openldap-software@OpenLDAP.org                                                                
                    emon.nl>             Subject:     Re: BIND with empty password                                                             
                                                                                                                                               
                    11/21/02 09:48                                                                                                             
                    PM                                                                                                                         
                                                                                                                                               
                                                                                                                                               




tor, 2002-11-21 kl. 18:40 skrev marc.bigler@day.com:

> I've remarked that when I BIND to an ldap server and enter an empty
> password it binds successfully, is that normal ?

Yep.

>  I would like to only let
> users which are defined in ou=LDAPuser,dc=mydomain,dc=com to use LDAP,
how
> can I acheive that with the access statement ? I do not want to allow any
> anonymous binds...

access to dn="dc=mydomain,dc=com"
           by * none

access to dn.children="dc=mydomain,dc=com"
           by anonymous auth
           by dn="ou=LDAPuser,dc=mydomain,dc=com" write (or read or

whatever)
           by * none

access to *
           by * none

Or whatever you want.

Best,

Tony

--

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:                   tonni@billy.demon.nl
www:                 http://www.billy.demon.nl