[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL's: giving anonymous access (mod_auth_ldap)

To: openldap-software@OpenLDAP.org
Subject: ACL's: giving anonymous access (mod_auth_ldap)
From: Ace Suares <ace@suares.nl>
Date: Sat, 18 Oct 2003 18:19:13 -0400
Content-disposition: inline
Organization: Ace Suares' Internet Consultancy
User-agent: KMail/1.5.1


Hi, 

I am using mod_auth_ldap with apache2, so far so good.

mod_auth_ldap can log in anonymously, look for the attribute 'uid' and compare 
it to user input, retrieve the dn, and rebind with the found dn and the user 
supplied password. 

I had a set of ACL's that didn't allow this. I thought I needed to change each 
rule to give search access to attrs=uid,objectclass and read access to 
atrrs=entry. Then I found this:

access to attrs=objectclass,uid
	by anonymous search stop
	by * none break

access to attrs=entry
	by anonymous read stop
	by * none break

I have put these on the top of the ACL-list.

When searching as anonymous, it has search access to attrs=objectclass,uid, 
and read access to attrs=entry.

But if it's NOT searching anonymously, it assings 'none', but then goes on to 
match the rest of the ACL list.

Is this the standard way it's done? Anyone with experiences in this matter ? 
Other ways of doing it ?

-Ace




-- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl

Follow-Ups:
- Re: ACL's: giving anonymous access (mod_auth_ldap)
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Contacts schema
Next by Date: Re: ACL's: giving anonymous access (mod_auth_ldap)
Index(es):
- Chronological
- Thread