ACL issue
Hi,
I have been messing around with access control lists for a few hours now,
and I came up with the following to be able to log in using ssh. To me,
the access for anonymous to the attr=userPassword seems a bit too
unrestricted, and I think/hope it should be "auth" instead of "read".
But then I cannot log in.
Can someone help me make this as restrictive as possible? I have no
other ACL stuff defined in slapd.conf.
Basically any remark is welcome ;)
-- begin slapd.conf snippet --
database ldbm
suffix "dc=zomba,dc=doobah,dc=net"
rootdn "cn=admin,dc=zomba,dc=doobah,dc=net"
rootpw {SSHA}VYHEYqOi+ajqowRkKglkm/qGbIMLRCml
directory /var/lib/ldap
access to attr=userPassword
    by self write
    by anonymous read
    by * none
access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net"
    by anonymous read
access to attr=entry
    by anonymous read
#access to dn="cn=.*,ou=Group,dc=zomba,dc=doobah,dc=net"
# by anonymous read
access to *
    by self write
    by users read
    by anonymous search
-- end slapd.conf snippet --
--
Grtz,
Arjen.
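
An added example, not part of the original post: a Python evaluator for the ACL lines above that applies slapd's first-match rule (first matching "access to", then first matching "by") and reports what an anonymous client gets on userPassword. The function names are hypothetical. It assumes the level order none < auth < compare < search < read < write, treats dn= as a regex as the snippet does, and handles only the attr=, dn= and * targets.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending
# Constructed sample: the ACL lines of the posted snippet, "by" lines indented.
SAMPLE = '''\
access to attr=userPassword
    by self write
    by anonymous read
    by * none
access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net"
    by anonymous read
access to attr=entry
    by anonymous read
access to *
    by self write
    by users read
    by anonymous search
'''

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    acls = []
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():  # join continuations
        if line.startswith("access to "):  # skips comments, other directives
            what, *by = re.split(r"\s+by\s+", line[len("access to "):].strip())
            acls.append((what, [tuple(c.split()[:2]) for c in by]))
    return acls

def matches(what, dn, attr):
    """Does this 'access to <what>' cover attribute attr of entry dn?"""
    ok = True  # a bare "*" has no key=value part and matches everything
    for key, val in re.findall(r'(\w+)="?([^"\s]*)"?', what):
        if key == "attr":
            ok &= attr.lower() in val.lower().split(",")
        elif key == "dn":  # assumption: dn= holds a regex, as in the post
            ok &= re.search(val, dn, re.I) is not None
    return ok

def effective(acls, who, dn, attr):
    """First matching 'access to' wins, then the first matching 'by' in it."""
    for what, clauses in acls:
        if matches(what, dn, attr):
            hits = [lvl for subj, lvl in clauses if subj in (who, "*")]
            return hits[0] if hits else "none"  # implicit "by * none"
    return "none"

def anonymous_reads_hash(acls, dn):
    """True if anonymous gets more than 'auth' on userPassword."""
    level = effective(acls, "anonymous", dn, "userPassword")
    return LEVELS.index(level) > LEVELS.index("auth")
```

Run against the snippet as posted, the check reports that an unauthenticated client can read the stored password hash; with "by anonymous auth" in the first rule the same client can only bind against it.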