Re: openldap access configuration
Just in case, is it something you want, to have "cn=Admin..." in your
ACL and "cn=Manager..." as rootdn?
Francois
On Tue 11/03/2003 at 10:15, Aurélien COQ wrote:
> I've installed OpenLDAP 2.1.12 on Red Hat 8.0 and I'm facing
> configuration problems.
> My slapd daemon seems to run well, but when I want to access my directory
> using LDAP Browser/Editor v2.8.1 (using Java) in order to read and
> administer the directory, I can connect but I can't read or write:
>
> error message "Failed to read entry dc=...."
>
> I'm binding as the manager using the password stored in the slapd.conf
> file.
>
> Here is my configuration file that's in /usr/local/etc/openldap/
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /usr/local/var/slapd.pid
> argsfile /usr/local/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/local/libexec/openldap
> # moduleload back_bdb.la
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> # Sample security restrictions
> #
> # Disallow clear text exchange of passwords
> # disallow bind_simple_unprotected
> #
> # Require integrity protection (prevent hijacking)
> # Require 112-bit (3DES or better) encryption for updates
> # Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Access control policy:
> # Defined by Aurelien
> access to attr=userPassword
> by self write
> by anonymous auth
> by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
> by * none
> access to *
> by self write
> by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
> by * read
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database bdb
> suffix "dc=tc-visage,dc=insa-lyon,dc=fr"
> rootdn "cn=Manager,dc=tc-visage,dc=insa-lyon,dc=fr"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw pass
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /usr/local/var/openldap-data
> # Indices to maintain
> index objectClass eq
>
> Is there something wrong with the access control list or what else could
> it be?
>
> Regards,
>
> Aurelien COQ
> Telecom Engineer Student
> INSA de Lyon, France
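As an added example (not code from this thread), a small Python lint that reads a slapd.conf fragment and reports the two points the reply and the file's own comments raise: ACL identities that differ from the configured rootdn, and a rootpw kept in cleartext. The sample config is a constructed, trimmed copy of the quoted file.

```python
import re

# Constructed sample: a trimmed copy of the quoted slapd.conf, not a live deployment.
SAMPLE_CONF = """\
include /usr/local/etc/openldap/schema/core.schema
access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
    by * none
access to *
    by self write
    by dn.base="cn=Admin,dc=tc-visage,dc=insa-lyon,dc=fr" write
    by * read
database bdb
suffix "dc=tc-visage,dc=insa-lyon,dc=fr"
rootdn "cn=Manager,dc=tc-visage,dc=insa-lyon,dc=fr"
rootpw pass
"""

HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)   # slappasswd(8) schemes
BY_DN = re.compile(r'^by\s+dn(?:\.\w+)?="([^"]+)"', re.I)     # by dn.base="..." clauses

def parse_conf(text):
    """Return (rootdn, rootpw, acl_dns). Comments are stripped; indented lines
    and lines starting with 'by' continue the previous directive, so each
    access directive becomes one logical line."""
    lines = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        cont = line[0].isspace() or line.strip().lower().startswith("by ")
        if cont and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.strip())
    rootdn = rootpw = None
    acl_dns = []
    for line in lines:
        key, _, rest = line.partition(" ")
        key = key.lower()
        if key == "rootdn":
            rootdn = rest.strip().strip('"')
        elif key == "rootpw":
            rootpw = rest.strip()
        elif key == "access":
            for clause in re.split(r"\s+(?=by\s)", rest):
                m = BY_DN.match(clause)
                if m:
                    acl_dns.append(m.group(1))
    return rootdn, rootpw, acl_dns

def audit(text):
    """Findings a reviewer of this configuration would raise, as strings."""
    rootdn, rootpw, acl_dns = parse_conf(text)
    findings = []
    if rootpw and not HASHED.match(rootpw):
        findings.append("rootpw is stored in cleartext; use slappasswd to hash it")
    others = sorted({d for d in acl_dns if d.lower() != (rootdn or "").lower()})
    if others:
        findings.append("ACLs grant rights to DNs other than the rootdn: " + ", ".join(others))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print("-", f)
```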