[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: i have no name!

To: openldap-software@OpenLDAP.org
Subject: Re: i have no name!
From: German Poo Caaman~o <gpoo@ubiobio.cl>
Date: 14 Feb 2003 17:48:52 -0300
In-reply-to: <BA72A92A.3224%jonesy@cs.princeton.edu>
Organization:
References: <BA72A92A.3224%jonesy@cs.princeton.edu>

El vie, 14 de 02 de 2003 a las 16:09, Brian Jones escribió:
> On 2/13/03 9:31 AM, "James Bourne" <jbourne@mtroyal.ab.ca> wrote:
> 
> > We have found that using the root user (admin or
> > whatever) and /etc/ldap.secret are not really required.
> 
> I would absolutely love to have an understanding of how I could do away with
> the ldap.secret file.

Lets the bind anonymously.  Just comment 

binddn ...
bindpw ...

(lets as default).

On your slapd.conf you can define (by example):

access to attribute=userPassword
        by dn="ou=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read

To allow anyone can ask by any attribute but userPassword.

-- 
German Poo Caaman~o
mailto:gpoo@ubiobio.cl
http://www.ubiobio.cl/~gpoo/chilelindo.html
"Hay 10 tipos de personas: las que entienden binario y las que no."

References:
- Re: i have no name!
  - From: Brian Jones <jonesy@CS.Princeton.EDU>

Prev by Date: Re: i have no name!
Next by Date: Re: Questions on ACL
Index(es):
- Chronological
- Thread