[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Authenticationg only on port 636
Quoting Thomas Cramer <cramert@musc.edu>:
> You are absolutely right. That listing really wouldn't do much of
> anything. What I meant to put was
>
> > access to *
> > by sockurl="^ldaps:///$" auth
> > by * read
> > by dn="cn=Manager,o=MUSC,c=US" write
>
> Maybe my problem is understanding fully what "auth" implies. Does it
> mean that all you can is authenticate? Or does it mean that after you
> authenticate you can read? ==
> tc
The 'auth' more or less give you read access to the userPassword entry
(but only when doing the authentication, not when looking at the object).
I can't come up with the ACL you need right now (to early, to little coffey :)
but you don't want the 'auth' directive for what you want to do...