[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Clarification on SSL/TLS and GQ problem
man, 2003-03-03 kl. 07:42 skrev Jayson Henkel:
> I have a similar problem to the fellow with the gq issue. I can use
> ldapmodify from localhost, but gq from my laptop fails wihen I bind with
> the correct dn and password.
GQ works beautifully for me.
> Whats interesting is when I do properly
> authenticate with the admin password I see the users field. When I
> don't I see the users information minus the password field. Doesn't this
> mean that the authentication as the admin is successful and I should be
> able to modify entries instead of getting the insufficient access error.
Yes.
> My acls are as follows:
> access to attr=userPassword
> by dn="cn=admin,dc=sterlingcrane,dc=ca" write
> by anonymous auth
> by self write
> by * auth
>
> access to *
> by dn="cn=admin,dc=sterlingcrane,dc=ca" write
> by self write
> by anonymous read
It doesn't work like that. Make that:
access to * // <-- define base and access to userPassword
attr=userPassword
by dn="cn=admin,dc=sterlingcrane,dc=ca" write
by anonymous auth
by self write
access to * // <-- define all of what's left
by dn="cn=admin,dc=sterlingcrane,dc=ca" write
by self write
by anonymous read
You could also have as base:
access to dn="dc=sterlingcrane,dc=ca" in your first rule. In fact, that
would be better.
Don't use // in your ACL!
Best,
Tony
--
Tony Earnshaw
All the world is mad, exceptin thee and me
and even thee's a little queer
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl