Re: Access list problem
Hi,
Then I guess the last ACL statement needs changing to something like:
access to * by * read
Which I think is the default if you leave it out anyway.
After that you need to check your clients if they are actually binding
with appropriate DN and password.
--
Ziya
On 2004-04-27 15:50:45 +0000, Nicolas Goy wrote:
> Hello,
>
> ldapsearch -h orphea -x -b "ou=goyman.com sa,dc=goyman,dc=com" -D
> "uid=goyman,ou=goyman.com sa,dc=goyman,dc=com" -w "*******"
> "(objectClass=inetOrgPerson)"
>
> Produces the good result with or without ACL. (With ACL, I can't access
> unauthorised resources as well)
>
> But with other clients (Address Book on macosx (v3), mozilla (v3 too I
> think)) I have an empty result with ACL, and a good result without.
>
> Any idea?
>
> Regards
>
> G.
> On Apr 27, 2004, at 3:20 PM, Ziya Suzen wrote:
>
> >Hi Nicolas,
> >
> >ACL looked fine to me. I wonder what your ldapsearch options are. This
> >does not look like an ACL problem actually. It can even be the case
> >that your other LDAP clients only talk v2.
> >
> >--
> >Ziya Suzen
> >
> >On 2004-04-27 13:11:43 +0000, Nicolas Goy wrote:
> >>Hello,
> >>
> >>I got only this access list in my configuration:
> >>
> >>access to attr=userPassword
> >> by self read
> >> by anonymous auth
> >> by * none
> >>
> >>access to dn.regex="^.*,ou=([^,]+),dc=goyman,dc=com"
> >> by dn.regex="^.*,ou=$1,dc=goyman,dc=com" read
> >> by * none
> >>
> >>access to *
> >> by self read
> >> by users none
> >> by * none
> >>
> >>It works if I use ldapsearch. But with my ldap clients, (mozilla,
> >>address book) I don't have any result when I do a search.
> >>
> >>I wonder why.
> >>
> >>What I want is to allow, for example, user
> >>uid=toto,ou=ACompany,dc=goyman,dc=com to be able to read
> >>everything under ou=ACompany,dc=goyman,dc=com.
> >>
> >>Best Regards
> >>
> >>Goyman
> >>
> .::.:..: He who dreads tomorrow will die an idiot .:..:::
>
> goyman
>
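The ACL from the original post, evaluated for an authenticated and an anonymous bind, as an added example that is not part of the thread. It is a simplified Python model of first-match ACL evaluation, not slapd code; the function names and the entry `uid=peer,...` are constructed for illustration.

```python
import re

# Simplified model of first-match ACL evaluation (an assumption of this
# example, not slapd code): the first "access to" clause whose target matches
# is used, then the first matching "by" line in it decides the level.
TARGET = r"^.*,ou=([^,]+),dc=goyman,dc=com"   # pattern from the posted ACL

def access(bind_dn, entry_dn, attr):
    """Access level the posted ACL yields; bind_dn "" means anonymous bind."""
    anonymous = bind_dn == ""
    is_self = not anonymous and bind_dn.lower() == entry_dn.lower()

    # access to attr=userPassword: by self read / by anonymous auth / by * none
    if attr.lower() == "userpassword":
        return "read" if is_self else "auth" if anonymous else "none"

    # access to dn.regex="^.*,ou=([^,]+),dc=goyman,dc=com"
    target = re.match(TARGET, entry_dn, re.I)
    if target:
        # by dn.regex="^.*,ou=$1,dc=goyman,dc=com" read, $1 = ou of the target
        # (escaped here so the ou is compared literally; a choice of this model)
        who = r"^.*,ou=" + re.escape(target.group(1)) + r",dc=goyman,dc=com"
        return "read" if re.match(who, bind_dn, re.I) else "none"  # by * none

    # access to *: by self read / by users none / by * none
    return "read" if is_self else "none"

# DNs: ME is the bind DN from the thread; PEER is constructed for the example.
ME = "uid=goyman,ou=goyman.com sa,dc=goyman,dc=com"
PEER = "uid=peer,ou=goyman.com sa,dc=goyman,dc=com"
OTHER = "uid=toto,ou=ACompany,dc=goyman,dc=com"

def report():
    """Compare what an authenticated and an anonymous client may read."""
    return {
        "bound, same ou": access(ME, PEER, "cn"),
        "bound, other ou": access(ME, OTHER, "cn"),
        "anonymous, same entry": access("", PEER, "cn"),
        "anonymous, userPassword": access("", PEER, "userPassword"),
    }

if __name__ == "__main__":
    for case, level in report().items():
        print(f"{case:26} {level}")
```

In this model the anonymous rows get no read access to ordinary attributes, which is the case the reply's advice to confirm each client's bind DN and password is meant to rule out.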