Fw: slapd.conf Access Question




Part 2 to my question. I just saw that when I authenticate as myself and not the rootdn, my admin client is telling me I'm an anonymous user. So maybe my rules are right and the problem lies elsewhere?
----- Forwarded by Mike Carpenter/Arnold Industries on 06/06/2003 10:29 AM -----
"Mike Carpenter" <MCarpenter@roadwaynextday.com>
Sent by: owner-openldap-software@OpenLDAP.org

06/06/2003 10:16 AM

To: openldap-software@OpenLDAP.org
cc:
Subject: slapd.conf Access Question


I just wanted to take a moment to thank everyone who has answered my questions.  You have really helped get my LDAP project off the ground.


However, now another question has arisen.


In the slapd.conf file, I am trying to set up the access rights so my administrators don't need to authenticate using the rootdn.


My access rules are as follows:


access to attr=userPassword
       by self write
       by anonymous auth
       by dn.base="cn=Admins,o=myorg,c=us" write
       by * none

access to *
       by self write
       by dn.base="cn=Admins,o=myorg,c=us" write
       by * read


cn=Admins,o=myorg,c=us is an organizational role with several roleOccupant attributes, each one containing a DN of a directory administrator.


It appears that the 1st access rule is working correctly, since people in the group can see and manage the password while people outside the group cannot see the attribute. However, the second access rule is not working at all. It appears that everyone only has read access, except the rootdn of course.


Thanks again.
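
The `by` matching in the two directives above, as an added example that is not part of the original message and is not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, comparing the posted `dn.base` clause with a `group/organizationalRole/roleOccupant` clause that looks up role occupants. The occupant `cn=alice` and the target entry `cn=bob` are constructed sample DNs, and an anonymous bind is modelled as `None`.

```python
# Simplified model of how slapd picks an access level (added example, not OpenLDAP code).
ROLE = "cn=Admins,o=myorg,c=us"
# Constructed sample data: one role occupant, as the post describes the role entry.
ROLE_OCCUPANTS = {ROLE.lower(): {"cn=alice,o=myorg,c=us"}}

def who_matches(who, bound_dn, entry_dn):
    """Return True if a <who> clause matches the bound identity (None = anonymous)."""
    kind, _, value = who.partition("=")
    value = value.strip('"').lower()
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":
        return bound_dn.lower() == entry_dn.lower()
    if kind == "dn.base":  # exact DN of the bound identity, no membership lookup
        return bound_dn.lower() == value
    if kind == "group/organizationalRole/roleOccupant":  # membership lookup
        return bound_dn.lower() in ROLE_OCCUPANTS.get(value, set())
    raise ValueError("unsupported <who>: " + who)

def access(acl, bound_dn, entry_dn, attr):
    """First matching 'access to' wins; within it, first matching 'by' wins."""
    for what, by_clauses in acl:
        if what not in ("*", "attr=" + attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"  # every directive ends with an implicit "by * none"
    return "none"

def rules(admin_who):
    """The two directives from the post, with the admin <who> clause swappable."""
    return [
        ("attr=userPassword", [("self", "write"), ("anonymous", "auth"),
                               (admin_who, "write"), ("*", "none")]),
        ("*", [("self", "write"), (admin_who, "write"), ("*", "read")]),
    ]

POSTED = rules('dn.base="%s"' % ROLE)
BY_ROLE = rules('group/organizationalRole/roleOccupant="%s"' % ROLE)

if __name__ == "__main__":
    target = "cn=bob,o=myorg,c=us"  # constructed target entry
    for who in ("cn=alice,o=myorg,c=us", None):
        print(who, access(POSTED, who, target, "mail"), access(BY_ROLE, who, target, "mail"))
```

In this model a role occupant gets `read` under the `dn.base` clause and `write` under the group clause, while an unauthenticated bind gets `read` from `by * read` under either form.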