Re: Access Control
Quoting Matty <mattyml@bellsouth.net>:
| I just got this to work (FINALLY!!). I added:
|
| access to attrs=userpassword
|         by * auth
You might want it more like:

access to attribute=userPassword
        by self write
        by anonymous auth
        by * none
|
| to the top of my access declarations. Anyone know why this is required?
It isn't for the ldapsearch that you were asking about. But as I mentioned
in my previous email, a password was required based on your acl.
ed
|
| Thanks,
| Ryan
|
| On Fri, 2002-12-27 at 21:27, Matty wrote:
| > Howdy folks,
| >
| > I have been mucking with Access Control for the past day and 1/2, and
| > cannot seem to get a cn to authenticate. I created several
| > contact objects, and a cn named email [1] which I want to allow
| > read/write access to a specific branch of my DIT. After reading through
| > the docs on www.openldap.org, I thought:
| >
| > access to dn="ou=contacts,dc=dom,dc=com"
| >         by dn="cn=email,dc=dom,dc=com" write
| >
| > would allow email to read/write to the contacts branch of the tree. When
| > I run ldapsearch:
| >
| > $ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
| > 'ou=contacts,dc=dom,dc=com' '(cn=*)'
| >
| > I get:
| >
| > Bind Password:
| > ldap_simple_bind_s: Insufficient access
| >
| > Anyone happen to know what I am missing? I have experimented with
| > various things I found on google, but so far, no luck :(
| >
| > Thanks for any insight,
| > Ryan
| >
| > [1]
| > dn: cn=email,dc=dom,dc=com
| > objectClass: top
| > objectClass: organizationalRole
| > objectClass: simpleSecurityObject
| > cn: email
| > description: User allowed to update the contacts tree
| > userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
| --
| Ryan Matteson - UNIX Administrator
| GPG ID: 1B52A210 2002-12-01 Ryan Matteson (Primary Key Pair)
| <matty91@bellsouth.net>
| Public Key: http://www.daemons.net/~matty/public.asc
| Detached Digital Signature: http://www.daemons.net/~matty/public.sig.asc
| Fingerprint = A0B1 298E 29C4 3F26 01D5 EDFC 3D62 281F 1B52 A210
|
|
--
-------------------------------------------------
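
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of slapd's first-match ACL evaluation, showing why the simple bind was refused and how the two userPassword rules in this thread differ. It assumes the contacts rule is the only other declaration, treats dn= as a subtree suffix match, and uses hypothetical helper names throughout.

```python
# Simplified model of slapd ACL evaluation: the first matching "access to"
# wins, then the first matching "by" clause wins. Not OpenLDAP's own code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
EMAIL_DN = "cn=email,dc=dom,dc=com"

# Rule = (what, [(who, level), ...]); "what" may hold a dn suffix and/or an attr.
CONTACTS = ({"dn": "ou=contacts,dc=dom,dc=com"}, [(EMAIL_DN, "write")])
ORIGINAL = [CONTACTS]                                   # config that failed
MATTY_FIX = [({"attr": "userPassword"}, [("*", "auth")]), CONTACTS]
ED_FIX = [({"attr": "userPassword"},
           [("self", "write"), ("anonymous", "auth"), ("*", "none")]), CONTACTS]

def what_matches(what, entry_dn, attr):
    if "dn" in what and not entry_dn.lower().endswith(what["dn"].lower()):
        return False
    return "attr" not in what or what["attr"].lower() == attr.lower()

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None            # session that has not bound yet
    if requester is None:
        return False
    target = entry_dn if who == "self" else who
    return requester.lower() == target.lower()

def granted(acl, requester, entry_dn, attr):
    for what, by_clauses in acl:
        if what_matches(what, entry_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"                   # implicit trailing "by * none"
    return "none"                           # implicit "access to * by * none"

def can_bind(acl, dn):
    # A simple bind is checked as anonymous needing "auth" on userPassword.
    level = granted(acl, None, dn, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("matty", MATTY_FIX), ("ed", ED_FIX)]:
        print(name, "bind:", can_bind(acl, EMAIL_DN),
              "self on userPassword:", granted(acl, EMAIL_DN, EMAIL_DN, "userPassword"))
```

Both fixes let the bind succeed; only the second also lets an entry change its own password while still denying everyone else any access to the hash.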