[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL issue
tir, 2002-12-03 kl. 22:09 skrev Arjen van Drie:
> I have been messing around with access control lists for a few hours now,
> and I come up with the next stuff to be able to login using ssh. To me,
> the access for anonymous to the attr=userPassword seems a bit too
> unrestricted, and I think/hope it should be "auth" instead of "read".
> But then I cannot login.
Mess around a bit for a few days or a few weeks, and you'll be well on
your way.
Yes, it should be 'by anonymous auth', otherwise you'll have everybody
in the world reading all your users' passwords, and I don't suppose you
want that.
The reason why you can't log in, is that you haven't said what people
can have access to. You have in the ACLs below it. That's because you've
spent hours on it and should have gone to bed anyway. Go and have a beer
and begin again tomorrow.
access do dn.children="dc=zomba,dc=doobah,dc=net"
attr=userPassword
by anonymous auth
by self write
by * none
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
- References:
- ACL issue
- From: Arjen van Drie <arjen-openldap@3va.net>