[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap access configuration

To: openldap-software@OpenLDAP.org
Subject: openldap access configuration
From: Aurélien COQ <acoq@telecom.insa-lyon.fr>
Date: Tue, 11 Mar 2003 10:15:20 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

I've installed Openldap 2.1.12 on Red Hat 8.0 and i'm facing configuration problems. My slapd demon seems to run well but when i want to access my directory using LDAP Browser/editor v2.8.1 (using java) in order to read and administer the directory, I can connect but i can't read or write :

error message "Failed to read entry dc=...."

I'm binding as the manager using the password stored in the slapd.conf file.

Here is my configuration file that's in /usr/local/etc/openldap/

/# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral    ldap://root.openldap.org

pidfile        /usr/local/var/slapd.pid
argsfile    /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# Sample security restrictions
#
#   Disallow clear text exchange of passwords
# disallow bind_simple_unprotected
#
#    Require integrity protection (prevent hijacking)
#    Require 112-bit (3DES or better) encryption for updates
#    Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Access control policy:
# Defined by Aurelien
access to attr=userPassword
      by self write
      by anonymous auth
      by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
      by * none
access to *
      by self write
      by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
      by * read
#######################################################################
# ldbm database definitions
#######################################################################

database    bdb
suffix        "dc=tc-visage,dc=insa-lyon,dc=fr"
rootdn        "cn=Manager,dc=tc-visage,dc=insa-lyon,dc=fr"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw        pass
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory    /usr/local/var/openldap-data
# Indices to maintain
index    objectClass    eq/

Is there something wrong with the access control list or what else could it be?

Regards,

Aurelien COQ
Telecom Engineer Student
INSA de Lyon, France

Follow-Ups:
- Re: openldap access configuration
  - From: Francois Beretti <francois.beretti@enatel.com>
- Re: openldap access configuration
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: Ldap ad with invalid structural object class error ( Another error )
Next by Date: meaning of tags
Index(es):
- Chronological
- Thread