
Re: newbie question



Hi,

Chakravarthy Cuddapah <chakravarthy@mac.com> writes:

> Suggested solutions did not work. I will give all details: From
> slapd.conf:
>
> access to dn="o=my_org"
>         by * write
>         by * read
>
> suffix "o=my_org"
> rootdn "cn=admin,o=Keerthana Technologies"
> rootpw admin_password
>
> I added entries to LDAP using:
>
> ldapadd -f entries.ldif -x -D "cn=admin,o=my_org" -w admin_password
>
> I do a search on ldapsearch -x -b 'o=my_org' '(objectclass=*)'
>
> All entries are listed.
>
> I want to restrict access to users only and changed access to:
>
> access to dn="o=my_org"
>           by users write
>           by anonymous auth
>           by * none
>
> Now I do a search and nothing is listed. What should be the search
> parm with this change ?

If you have used the same ldapsearch string as above, then it is obvious.
Your ldapsearch string is an anonymous bind.
You want to have authenticated users to have write access. That can be
achieved either by SASL mechanisms or by a simple bind.
A simple bind would be:

    ldapsearch -x -D "cn=user,o=my_org" -W -b "o=my_org" 'objectclass=*'

If you have implemented SASL and created sasldb you could do a strong
bind by

    ldapsearch -Y digest-md5 -U user -b "o=my_org"

-Dieter
 
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
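
The following is an added example, not code from the thread or from OpenLDAP: a simplified model of the first-match rule slapd applies to the `by` clauses of one `access to` directive, run against the two directives quoted above. It assumes the directive applies to every entry being searched; the function names are illustrative.

```python
# Simplified model of how slapd picks an access level from one "access to"
# directive: the first "by <who>" clause that matches the client wins.
# Not slapd's own code; only the <who> forms used in the thread are modelled,
# and the rootdn (which bypasses ACLs) is left out.

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bind_dn):
    """bind_dn is None for an anonymous bind (ldapsearch -x without -D)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    raise ValueError(f"unsupported <who>: {who}")

def granted(by_clauses, bind_dn):
    """Level of the first matching clause; falls back to implicit 'by * none'."""
    for who, level in by_clauses:
        if who_matches(who, bind_dn):
            return level
    return "none"

def allows(by_clauses, bind_dn, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted(by_clauses, bind_dn)) >= LEVELS.index(needed)

# The two directives quoted in the thread.
ORIGINAL = [("*", "write"), ("*", "read")]
RESTRICTED = [("users", "write"), ("anonymous", "auth"), ("*", "none")]

def report():
    rows = []
    for name, acl in (("original", ORIGINAL), ("restricted", RESTRICTED)):
        for bind_dn in (None, "cn=user,o=my_org"):
            rows.append((name, bind_dn or "anonymous",
                         granted(acl, bind_dn),
                         allows(acl, bind_dn, "read"),    # can list entries
                         allows(acl, bind_dn, "write")))  # can modify entries
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-10s %-18s level=%-5s read=%-5s write=%s" % row)
```

In the original directive the second clause `by * read` is never reached, so an anonymous client is granted write; in the restricted one an anonymous bind stops at `auth`, which is below the level needed to return search results.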