Re: Question "Authentification"
On 12 June 2003 09:50, philippe.broussard@e-qual.fr wrote:
> Hi,
>
>
> I would like to know:
>
> When a user wants to authenticate to an LDAP base,
> --> the server connects (bind) to the database as
> anonymous
>
> --> search in the database if the user exists and if the
> user can read or write the attribute userPassword
>
> --> so the server connects (bind) to the database as
> user
>
> I have supposed this working through this ACL :
> > access to attr=userPassword
> >     by dn.exact="cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr" write
> >     by anonymous auth
> >     by self write
> >     by * none
> >
> > access to dn.subtree="ou=Contacts,dc=e-qual,dc=fr"
> >     by dn.exact="cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr" write
> >     by * none
> >
> > # default access
> > access to *
> >     by self write
> >     by users read
> >     by anonymous read
>
> If I'm wrong, could you explain to me how precisely the
> authentication works?
>
>
> Thanks
>
> Philippe
Install a proper loglevel and you will see all the work with ACLs in your logs.
I think that "dn.exact=" is too much; try simple "dn=", it should work.
My userPasswd clause is:
access to attr=userPassword
    by self ssf=128 write
    by dn="cn=Manager,dc=example,dc=com" ssf=128 write
    by set="[cn=admins,ou=Groups,dc=example,dc=com]/memberUID & user/uid" ssf=128 write
    by anonymous ssf=128 auth
    by * none
Best regards. Sergios
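
An added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how slapd picks the first matching "by" rule, applied to the two userPassword clauses posted above, to show what "by anonymous auth" and the "ssf=128" condition mean for a simple bind. Assumptions: the set= rule is left out, DNs are compared as lowercase strings, and the function names and the uid=jdoe test DN are constructed for illustration.

```python
# Simplified model of slapd "by" rule evaluation (illustration only).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# userPassword clause from the reply; each rule is (who, minimum ssf, level).
# The set= rule is omitted: group expansion is outside this model.
REPLY_ACL = [
    ("self", 128, "write"),
    ("dn=cn=Manager,dc=example,dc=com", 128, "write"),
    ("anonymous", 128, "auth"),
    ("*", 0, "none"),
]
# userPassword clause from the quoted question (no ssf conditions).
QUESTION_ACL = [
    ("dn=cn=AdminContacts,ou=Contacts,dc=e-qual,dc=fr", 0, "write"),
    ("anonymous", 0, "auth"),
    ("self", 0, "write"),
    ("*", 0, "none"),
]

def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and bound_dn.lower() == who[3:].lower()
    return False

def granted(acl, bound_dn, target_dn, ssf):
    """Level of the first rule whose who AND ssf condition both match."""
    for who, min_ssf, level in acl:
        if who_matches(who, bound_dn, target_dn) and ssf >= min_ssf:
            return level
    return "none"  # implicit trailing "by * none"

def allows(acl, bound_dn, target_dn, ssf, wanted):
    got = granted(acl, bound_dn, target_dn, ssf)
    return LEVELS.index(got) >= LEVELS.index(wanted)

def can_simple_bind(acl, target_dn, ssf):
    # The connection is still anonymous while the bind is checked, and the
    # check needs at least "auth" on the target entry's userPassword.
    return allows(acl, None, target_dn, ssf, "auth")
```

With the reply's clause, a bind over a connection whose SSF is below 128 falls through to "by * none" and is refused; with the question's clause, anonymous gets "auth" only, so the bind works but the stored password cannot be read.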