Re: newbie q about 'access'
> Hello
>
> I decided to use an LDAP server for serving PGP keys.
> So I installed openldap21-server from FreeBSD ports and set up
> slapd.conf. Then I started slapd and initialized the database with
> init.ldif.
> Next, I used PGP 8.0 to create and send keys to the server.
> And here is the trouble:
> Jan 13 16:50:27 gw slapd[42360]: conn=3 fd=13 ACCEPT from
> IP=192.168.230.32:2167 (IP=192.168.230.1:389)
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=0 ADD
> dn="pgpCertID=3631AEB186896855,dc=palma,dc=net"
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=0 RESULT tag=105 err=8
> text=modifications require authentication
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=1 UNBIND
> Jan 13 16:50:27 gw slapd[42360]: conn=3 fd=13 closed
>
> =========> slapd.conf <==============
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/pgp-keyserver.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> sockbuf_max_incoming 524288
>
> database bdb
> suffix "ou=PGP Keys,dc=palma,dc=net"
> rootdn "cn=admin,ou=PGP Keys,dc=palma,dc=net"
> rootpw {MD5}S0F3ecDS6Oq/+7KlVIznMQ==
> directory /var/db/openldap-data
> index objectClass eq
> index pgpCertID,pgpKeyID,pgpKeyType,pgpUserID,pgpKeyCreateTime sub,eq
> index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime sub,eq
> index pgpDisabled,pgpRevoked eq
>
> access to *
> by * write
> =========> slapd.conf <==============
>
> =========> init.ldif <==============
> dn: ou=PGP Keys,dc=palma,dc=net
> objectclass: organizationalUnit
> ou: PGP Keys
>
> dn: cn=PGPServerInfo,ou=PGP Keys,dc=palma,dc=net
> cn: PGPServerInfo
> objectclass: pgpserverinfo
> pgpSoftware: OpenLDAP slapd
> pgpVersion: 2.0.23
> pgpBaseKeyspaceDN: ou=PGP Keys,dc=palma,dc=net
> =========> init.ldif <==============
>
> Why does it require authentication when I said that all users have write
> permissions?
> Maybe you can give me a few hints.
It has nothing to do with ACLs.
See slapd.conf(5) "allow" directive.
Are you serious about those ACLs, though?
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
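
The two points raised in the reply, the `allow` directive and the wide-open ACL, can be checked together before a configuration goes live. The following is an added example, not part of the original message or of OpenLDAP: a small audit of a slapd.conf that reports ACLs granting write to everyone and rates them by whether anonymous updates are enabled. It assumes `update_anon` (a feature listed under `allow` in slapd.conf(5)) is the setting the reply points to; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the quoted slapd.conf, plus "allow update_anon".
SAMPLE_CONF = """\
include /usr/local/etc/openldap/schema/core.schema
allow bind_v2 update_anon

database bdb
suffix "ou=PGP Keys,dc=palma,dc=net"
access to *
    by * write
"""

WRITE_LEVELS = {"write", "manage"}
OPEN_SUBJECTS = {"*", "anonymous"}

def logical_lines(text):
    """Drop blank/comment lines; join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def audit(text):
    """Return (severity, message) findings; ACLs are not scoped per database."""
    anon_updates, open_acls = False, []
    for line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "allow":
            anon_updates |= "update_anon" in (w.lower() for w in words[1:])
        elif words[0].lower() == "access":
            # Each "by <who> <level>" clause of the ACL
            clauses = re.findall(r"\bby\s+(\S+)\s+(\S+)", line)
            if any(w.lower() in OPEN_SUBJECTS and l.lower() in WRITE_LEVELS
                   for w, l in clauses):
                open_acls.append(line)
    if anon_updates:
        return [("CRITICAL", "unauthenticated clients can modify: " + a) for a in open_acls]
    return [("WARN", "any bound identity can modify: " + a) for a in open_acls]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONF):
        print(severity, message)
```
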