
Re: Access list problem



Hello,

I tried to change the acl, but same result.

I double checked the bind DN and password in my test program and they are correct.

Regards

Goyman
On Apr 27, 2004, at 4:00 PM, Ziya Suzen wrote:

Hi,

Then I guess the last ACL statement needs changing to something like:

access to * by * read

Which I think is the default if you leave it out anyway.

After that you need to check your clients if they are actually binding
with appropriate DN and password.

--
Ziya


On 2004-04-27 15:50:45 +0000, Nicolas Goy wrote:
Hello,

ldapsearch -h orphea -x -b "ou=goyman.com sa,dc=goyman,dc=com" -D
"uid=goyman,ou=goyman.com sa,dc=goyman,dc=com" -w "*******"
"(objectClass=inetOrgPerson)"

Produces the good result with or without ACL. (With ACL, I can't access
unauthorised resources as well)

But with other clients (Address Book on macosx (v3), mozilla (v3 too I
think)) I have an empty result with ACL, and a good result without.

Any idea?

Regards

G.
On Apr 27, 2004, at 3:20 PM, Ziya Suzen wrote:

Hi Nicolas,

ACL looked fine to me. I wonder what your ldapsearch options are. This
does not look like an ACL problem actually. It can even be the case
that your other LDAP clients only talk v2.


--
Ziya Suzen

On 2004-04-27 13:11:43 +0000, Nicolas Goy wrote:
Hello,

I got only this access list in my configuration:

access  to attr=userPassword
         by self               read
         by anonymous          auth
         by *                  none

access  to dn.regex="^.*,ou=([^,]+),dc=goyman,dc=com"
       by dn.regex="^.*,ou=$1,dc=goyman,dc=com"        read
       by *                                            none

access to *
       by self read
       by users none
       by * none

It works if I use ldapsearch. But with my LDAP clients (Mozilla,
Address Book) I don't have any results when I do a search.

I wonder why.

What I want is to allow, for example, user
uid=toto,ou=ACompany,dc=goyman,dc=com to read
everything under ou=ACompany,dc=goyman,dc=com.

Best Regards

Goyman

.::.:..: He who dreads tomorrow will die a fool .:..:::

				goyman
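
Added example, not part of the original thread and not slapd code: a simplified Python model of first-match evaluation over the three ACL clauses posted above. It shows which bind identities get read access under that rule set, which is why the advice to check the DN each client binds with matters. The names access() and OU_RE, the DNs other than uid=toto, and the case-insensitive matching are assumptions of this sketch.

```python
import re

# Target pattern of the second clause, copied from the posted configuration.
OU_RE = r"^.*,ou=([^,]+),dc=goyman,dc=com"


def access(bind_dn, target_dn, attr="entry"):
    """Access level granted by the posted ACL (simplified first-match model).

    bind_dn is None for an anonymous bind. The first "access to" clause whose
    target matches decides; inside it the first matching "by" wins.
    """
    is_self = bind_dn is not None and bind_dn.lower() == target_dn.lower()

    # Clause 1: access to attr=userPassword
    if attr.lower() == "userpassword":
        if is_self:
            return "read"
        if bind_dn is None:
            return "auth"      # anonymous may only authenticate against it
        return "none"

    # Clause 2: access to dn.regex=... ; $1 in the "by" pattern is replaced
    # with the ou value captured from the target DN.
    m = re.search(OU_RE, target_dn, re.IGNORECASE)
    if m:
        who = r"^.*,ou=$1,dc=goyman,dc=com".replace("$1", m.group(1))
        if bind_dn and re.search(who, bind_dn, re.IGNORECASE):
            return "read"
        return "none"

    # Clause 3: access to * by self read, by users none, by * none
    return "read" if is_self else "none"


if __name__ == "__main__":
    toto = "uid=toto,ou=ACompany,dc=goyman,dc=com"
    # Constructed sample DNs (alice, bob, ou=Other are hypothetical).
    cases = [
        (toto, "uid=alice,ou=ACompany,dc=goyman,dc=com", "entry"),
        (None, "uid=alice,ou=ACompany,dc=goyman,dc=com", "entry"),
        (toto, "uid=bob,ou=Other,dc=goyman,dc=com", "entry"),
        (toto, "ou=ACompany,dc=goyman,dc=com", "entry"),
        (None, toto, "userPassword"),
    ]
    for who, target, attr in cases:
        print(f"{who or 'anonymous':45} {target:45} {attr:13} {access(who, target, attr)}")
```

In this model the ou=ACompany entry itself does not match the second clause, because the pattern requires at least one RDN before ",ou=", so it falls through to the last clause.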