ACL's: giving anonymous access (mod_auth_ldap)
- To: openldap-software@OpenLDAP.org
- Subject: ACL's: giving anonymous access (mod_auth_ldap)
- From: Ace Suares <ace@suares.nl>
- Date: Sat, 18 Oct 2003 18:19:13 -0400
- Content-disposition: inline
- Organization: Ace Suares' Internet Consultancy
- User-agent: KMail/1.5.1
Hi,
I am using mod_auth_ldap with apache2, so far so good.
mod_auth_ldap can log in anonymously, look for the attribute 'uid' and compare
it to user input, retrieve the dn, and rebind with the found dn and the user
supplied password.
I had a set of ACLs that didn't allow this. I thought I needed to change each
rule to give search access to attrs=uid,objectclass and read access to
attrs=entry. Then I found this:
    access to attrs=objectclass,uid
        by anonymous search stop
        by * none break
    access to attrs=entry
        by anonymous read stop
        by * none break
I have put these on the top of the ACL-list.
When searching as anonymous, it has search access to attrs=objectclass,uid,
and read access to attrs=entry.
But if it's NOT searching anonymously, it assigns 'none', but then goes on to
match the rest of the ACL list.
Is this the standard way it's done? Anyone with experience in this matter?
Other ways of doing it?
-Ace
--
Ace Suares' Internet Consultancy
NEW ADDRESS: Postbus 2599, 4800 CN Breda
telephone: 06-244 33 608
fax and voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
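
Added example, not part of the original post: a simplified Python model of how slapd walks the two rules above, showing which access level an anonymous bind and an authenticated bind end up with for a given attribute. The third rule standing in for "the rest of the ACL list", the bind DN, and the names ACLS, who_matches and access_level are constructed for illustration; only the stop and break controls and the who-values anonymous, users and * are modelled.

```python
# Simplified model of slapd ACL control flow for "stop" and "break".
ACLS = [
    # The two rules from the post, placed at the top of the list.
    ({"objectclass", "uid"}, [("anonymous", "search", "stop"),
                              ("*", "none", "break")]),
    ({"entry"},              [("anonymous", "read", "stop"),
                              ("*", "none", "break")]),
    # Constructed stand-in for the rest of the ACL list (not from the post).
    ("*",                    [("users", "read", "stop")]),
]


def who_matches(who, bound_dn):
    """bound_dn is None for an anonymous bind, otherwise the bind DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    return False


def access_level(acls, attr, bound_dn):
    """Return the access level slapd would settle on for attr."""
    level = "none"  # nothing granted until a by-clause matches
    for target, by_clauses in acls:
        if target != "*" and attr.lower() not in target:
            continue  # this access directive does not cover the attribute
        for who, granted, control in by_clauses:
            if who_matches(who, bound_dn):
                level = granted
                if control == "stop":
                    return level  # evaluation ends here
                break  # "break": go on to the next matching directive
        else:
            return "none"  # implicit trailing "by * none stop"
    return level  # list exhausted after a "break"


if __name__ == "__main__":
    user = "uid=ace,dc=example,dc=com"  # constructed bind DN
    for attr in ("uid", "entry", "userPassword"):
        print(attr, access_level(ACLS, attr, None), access_level(ACLS, attr, user))
```

With only the two rules from the post and nothing after them, an authenticated bind is left at 'none' for uid, because the break hands the decision to later rules and none exist.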