Part 2 to my question. I just saw that when I authenticate as myself and not
the rootdn, my admin client is telling me I'm an anonymous user. So maybe my
rules are right and the problem lies elsewhere?
----- Forwarded by Mike Carpenter/Arnold Industries on 06/06/2003 10:29 AM -----
"Mike Carpenter" <MCarpenter@roadwaynextday.com>
Sent by: owner-openldap-software@OpenLDAP.org
06/06/2003 10:16 AM
To: openldap-software@OpenLDAP.org
cc:
Subject: slapd.conf Access Question
I just wanted to take a moment to thank everyone who has answered my questions.
You have really helped get my LDAP project off the ground.
However, now another question has arisen.
In the slapd.conf file, I am trying to set up the access rights so my administrators
don't need to authenticate using the rootdn.
My access rules are as follows:
access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Admins,o=myorg,c=us" write
    by * none
access to *
    by self write
    by dn.base="cn=Admins,o=myorg,c=us" write
    by * read
cn=Admins,o=myorg,c=us being an organization role with several roleoccupant
attributes, each one containing a DN of a directory administrator.
It appears that the 1st access rule is working correctly, since people
in the group can see and manage the password while people outside the group
cannot see the attribute. However, the second access rule is not working
at all. It appears that everyone only has read access, except the
rootdn of course.
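
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of how slapd picks an access level, comparing the posted dn.base clause with a group clause that looks the requester up in the role entry's roleOccupant values. The member DN uid=mike,o=myorg,c=us and the group rule set are constructed assumptions, and DNs are compared as plain strings here.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# The first "access to" clause covering the attribute is selected, then its
# first matching "by" clause decides the level and evaluation stops.

ADMINS = "cn=Admins,o=myorg,c=us"
# Constructed sample data: roleOccupant values of the role entry.
ROLE_OCCUPANTS = {ADMINS: {"uid=mike,o=myorg,c=us"}}

def who_matches(who, bound_dn, target_dn):
    kind, _, value = who.partition("=")
    if kind == "*":
        return True
    if kind == "anonymous":
        return bound_dn is None
    if bound_dn is None:              # an anonymous session matches nothing else
        return False
    if kind == "self":
        return bound_dn == target_dn
    if kind == "dn.base":             # compares the requester's own DN
        return bound_dn == value
    if kind.startswith("group"):      # looks the requester up in the role entry
        return bound_dn in ROLE_OCCUPANTS.get(value, set())
    raise ValueError("unsupported who clause: " + who)

def access(acl, bound_dn, target_dn, attr):
    for what, by_clauses in acl:
        if what == "*" or what == attr:
            for who, level in by_clauses:
                if who_matches(who, bound_dn, target_dn):
                    return level
            return "none"             # implicit trailing "by * none"
    return "none"

def rules(admin_who):
    # The two rules from the post, with the administrators' clause swappable.
    return [
        ("userPassword", [("self", "write"), ("anonymous", "auth"),
                          (admin_who, "write"), ("*", "none")]),
        ("*", [("self", "write"), (admin_who, "write"), ("*", "read")]),
    ]

POSTED = rules("dn.base=" + ADMINS)
# slapd.conf form: by group/organizationalRole/roleOccupant="<role DN>" write
BY_GROUP = rules("group/organizationalRole/roleOccupant=" + ADMINS)
```

In this model a role occupant gets only read on other entries under the posted rules, and a session that slapd treats as anonymous gets read under either rule set.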