[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticationg only on port 636

To: openldap-software@OpenLDAP.org
Subject: Re: Authenticationg only on port 636
From: Turbo Fredriksson <turbo@bayour.com>
Date: 25 Nov 2003 09:10:29 +0100
In-reply-to: <3FC27F14.9090107@musc.edu>
Organization: LDAP/Kerberos expert wannabe
References: <3FC20898.70806@musc.edu> <Pine.LNX.4.58.0311241130420.30751@ebova.hiz.rqh> <3FC27F14.9090107@musc.edu>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Quoting Thomas Cramer <cramert@musc.edu>:

> You are absolutely right.  That listing really wouldn't do much of
> anything.  What I meant to put was
> 
> > access to *
> >         by sockurl="^ldaps:///$" auth
> >         by * read
> >         by dn="cn=Manager,o=MUSC,c=US" write
> 
> Maybe my problem is understanding fully what "auth" implies.  Does it
> mean that all you can is authenticate? Or does it mean that after you
> authenticate you can read?  ==
> tc

The 'auth' more or less give you read access to the userPassword entry
(but only when doing the authentication, not when looking at the object).

I can't come up with the ACL you need right now (to early, to little coffey :)
but you don't want the 'auth' directive for what you want to do...

References:
- Authenticationg only on port 636
  - From: Thomas Cramer <cramert@musc.edu>
- Re: Authenticationg only on port 636
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- Re: Authenticationg only on port 636
  - From: Thomas Cramer <cramert@musc.edu>

Prev by Date: Re: newbie question
Next by Date: RE: newbie question
Index(es):
- Chronological
- Thread