Re: Can query as anonymous or manager, but can't bind

[Tony Earnshaw <tonye@billy.demon.nl>]

fre, 27.02.2004 kl. 19.55 skrev Chris St. Pierre:

> I tried changing the access control as you recommended, and that didn't solve
> the problem of being unable to bind.

O.k. Always remember to ask: "If if works for everybody else, why am I
the exception?"

Take that first ACL and change it just for the experiment:

access to attr=userPassword
        by * read

Can any user bind now? If not, what is the DN to which you are granting
access for the userPassword attribute?

This is more or less exactly what I have:

access to dn.base=""
  by * read
 
access to dn.base="cn=Subschema"
  by dn=cn=admin,dc=billy,dc=demon,dc=nl write
  by * read
 
access to dn.subtree=dc=billy,dc=demon,dc=nl
  attr=userPassword
  by anonymous auth
  by dn=cn=admin,dc=billy,dc=demon,dc=nl write
  by group=cn=peoplemanagers,ou=people,ou=groups,dc=billy,dc=demon,dc=nl
        write <<== all this ACL on one line!
  by self write
  by * none

Also, look again at the standard ACLs in slapd.conf.default ...

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl