Authentication Problem
I have an LDAP server that provides authentication credentials to apache
via mod_auth_ldap. Everything is working great as far as authentication
goes. I want to provide a web based system that allows new users to
create themselves in the LDAP directory. I have written the php pages
for this create process. During development I have been using the
rootdn and password when binding to the LDAP server. I don't want to
have the rootdn password in text files. I figured I could create a php
user that would be used by php when interacting with LDAP. I cannot
figure out how to set up the access levels to allow the php user to only
be able to access "ou=people,dc=example,dc=com". I have set up the user
"uid=php,ou=people,dc=example,dc=com", the rootdn is
"uid=admin,ou=people,dc=example,dc=com". How do I set up slapd.conf
where the "uid=php..." user can add new entries and read
"*,ou=people,dc=example,dc=com" but not allowed to read anything else?
I have tried lots of combos and tested using the ldapadd utility to no
avail. I can replicate and show the errors if needed. Also, as a side
question, can I limit the access of the php user via the IP address?
(Current) slapd.conf:
security ssf=1 update_ssf=112 simple_bind=64

access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="uid=admin,ou=people,dc=example,dc=com" write
    by * none

access to *
    by self write
    by dn.base="uid=admin,ou=people,dc=example,dc=com" write
    by * read
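One way to express what the post asks for in slapd.conf ACL syntax, added here as an example (it is not part of the original post and was not tested against the poster's server). The DNs are the ones named above; the client address 127.0.0.1 is an assumption standing in for wherever the php pages run. slapd evaluates "access to" clauses in order and stops at the first whose target matches, and within a clause stops at the first "by" whose subject matches, so the order of lines is what makes the restrictions hold:

```conf
# Rule 1: passwords. The php account may set userPassword on the entries
# it creates; anonymous binds may only use it for authentication, which
# is what mod_auth_ldap needs. The peername.ip condition (assumed address
# 127.0.0.1) is the IP restriction asked about in the side question.
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.exact="uid=admin,ou=people,dc=example,dc=com" write
    by dn.exact="uid=php,ou=people,dc=example,dc=com" peername.ip=127.0.0.1 write
    by * none

# Rule 2: the people subtree. "write" on the subtree, including the
# ou=people entry itself (whose "children" pseudo-attribute is what an
# add is checked against), lets the php account create new entries and
# read existing ones. If php binds from any other address it falls
# through to the explicit "none" rather than to "by * read".
access to dn.subtree="ou=people,dc=example,dc=com"
    by self write
    by dn.exact="uid=admin,ou=people,dc=example,dc=com" write
    by dn.exact="uid=php,ou=people,dc=example,dc=com" peername.ip=127.0.0.1 write
    by dn.exact="uid=php,ou=people,dc=example,dc=com" none
    by * read

# Rule 3: everything else. The php account is named before "by * read",
# so outside ou=people it gets no access at all; everyone else keeps read.
access to *
    by self write
    by dn.exact="uid=admin,ou=people,dc=example,dc=com" write
    by dn.exact="uid=php,ou=people,dc=example,dc=com" none
    by * read
```

Two caveats worth checking before relying on this: "write" in rule 2 also grants modify and delete on existing entries under ou=people, so a compromised php account could alter or remove other users; OpenLDAP 2.4 and later add the narrower "add" and "delete" access levels if only creation is wanted. And a good way to test an ACL change is the one the post already describes, binding as uid=php with ldapadd and ldapsearch from the expected address and from some other address, confirming the add succeeds only from the first and that a search of anything outside ou=people returns nothing.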