
Re: Authenticating only on port 636



On Mon, 24 Nov 2003 at 4:58pm, Thomas Cramer wrote:

> You are absolutely right.  That listing really wouldn't do much of
> anything.  What I meant to put was
>
> > access to *
> >         by sockurl="^ldaps:///$" auth
> >         by * read
> >         by dn="cn=Manager,o=MUSC,c=US" write
>
> Maybe my problem is understanding fully what "auth" implies.  Does it
> mean that all you can do is authenticate? Or does it mean that after you
> authenticate you can read?

authenticate means authenticate.  read includes search, compare, and
authenticate -- so if you want them to be able to authenticate and read,
then give them read.

Check out:

http://www.openldap.org/faq/data/cache/453.html

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===
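
The following is an added example, not part of the original message or of OpenLDAP's code: a simplified Python model of how slapd walks the `by` clauses of the quoted ACL, stopping at the first match and treating each access level as including the lower ones. The function names, the exact-match handling of `dn=`, and the sample listener URLs and bind DNs are assumptions made for illustration.

```python
import re

# Access levels in increasing order; each level implies all those before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The ACL quoted in the message: (who-kind, pattern, level), in file order.
ACL = [
    ("sockurl", r"^ldaps:///$", "auth"),
    ("*", None, "read"),
    ("dn", "cn=Manager,o=MUSC,c=US", "write"),
]

def granted(acl, listener_url, bind_dn):
    """Return the level of the first matching by-clause (default control: stop)."""
    for kind, pattern, level in acl:
        if kind == "*":
            return level
        if kind == "sockurl" and re.search(pattern, listener_url):
            return level
        # Simplification: compare the DN case-insensitively instead of as a regex.
        if kind == "dn" and bind_dn.lower() == pattern.lower():
            return level
    return "none"  # nothing matched: implicit "by * none"

def allows(level, wanted):
    """True if the granted level includes the wanted one."""
    return LEVELS.index(level) >= LEVELS.index(wanted)

def report(acl):
    """Evaluate the ACL for constructed listener/identity combinations."""
    rows = []
    for url in ("ldap:///", "ldaps:///"):
        for dn in ("", "cn=Manager,o=MUSC,c=US"):
            rows.append((url, dn or "(anonymous)", granted(acl, url, dn)))
    return rows

if __name__ == "__main__":
    for url, dn, lvl in report(ACL):
        print(f"{url:10} {dn:25} -> {lvl:5} read={allows(lvl, 'read')}")
```

In this model every connection on the ldaps listener is held to `auth`, every other connection gets `read`, and the Manager clause is never reached because `by * read` matches first.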