Schema not available with restrictive ACLs
Hi again! I was working to clamp down on our openldap server with ACLs and
noticed that some tools that expect to see the schema from the LDAP server
(I believe this is always made available to an LDAP client, even when using
an anon. bind) failed. Is there a way I can stop anon. connections but still
allow schema viewing?
Our ACLs basically consist of this:
# userPassword may only be used for authentication, never read
access to attrs=userPassword
        by * auth

# application accounts get access to the people subtree
access to dn=".*,ou=People,dc=example,dc=com"
        by dn="uid=app,ou=Accounts,dc=example,dc=com" write
        by dn="uid=app2,ou=Accounts,dc=example,dc=com" read
        by dn="uid=app3,ou=Accounts,dc=example,dc=com" read
I read the slapd.conf manpage and I didn't see anything specific to ACLs and
schemas.
I was thinking of something along the lines of:
access to schema
        by * read

access to attrs=userPassword
        by * auth

access to dn=".*,ou=People,dc=example,dc=com"
        by dn="uid=app,ou=Accounts,dc=example,dc=com" write
        by dn="uid=app2,ou=Accounts,dc=example,dc=com" read
        by dn="uid=app3,ou=Accounts,dc=example,dc=com" read
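For reference, here is an added slapd.conf fragment (not taken from the post above) that grants everyone read access to the schema while leaving the rest of the directory closed to anonymous clients. Schema lives in the subschema subentry, whose DN slapd advertises in the root DSE's subschemaSubentry attribute and which is normally "cn=Subschema"; neither entry sits under the database suffix, so they are matched by the global access directives (before the first "database" line), not by the database's own ACLs. The fragment assumes OpenLDAP 2.1 or later (for the explicit dn.base/dn.children styles), a bdb backend and the suffix and account DNs used in the post.

```conf
########################################################################
# Global section: rules here are the ones that apply to the root DSE
# (dn "") and to the subschema subentry (cn=Subschema), which are served
# by the frontend rather than by the dc=example,dc=com database.
########################################################################

# Root DSE: clients read subschemaSubentry, supportedSASLMechanisms,
# namingContexts etc. from here before they bind.
access to dn.base=""
        by * read

# Schema (objectClasses, attributeTypes, ...) readable by everyone,
# anonymous included. Only the schema is exposed here.
access to dn.base="cn=Subschema"
        by * read

########################################################################
# Database section: rules here only match entries under the suffix.
########################################################################
database        bdb
suffix          "dc=example,dc=com"

# userPassword may be used for bind/compare only; nobody can read it
# back, and the entry owner may change it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# dn.children matches every entry strictly below ou=People, which is
# what the unanchored regex ".*,ou=People,dc=example,dc=com" expressed.
access to dn.children="ou=People,dc=example,dc=com"
        by dn.exact="uid=app,ou=Accounts,dc=example,dc=com" write
        by dn.exact="uid=app2,ou=Accounts,dc=example,dc=com" read
        by dn.exact="uid=app3,ou=Accounts,dc=example,dc=com" read
        by * none

# Explicit catch-all: anything not matched above is invisible to
# everyone, anonymous and authenticated alike.
access to *
        by * none
```

With this in place an unauthenticated client can still discover and read the schema (ldapsearch -x -H ldap://ldap.example.com -s base -b "" subschemaSubentry, then ldapsearch -x -H ldap://ldap.example.com -s base -b cn=Subschema objectClasses), while an anonymous search under ou=People,dc=example,dc=com returns no entries. Note that "disallow bind_anon" only rejects explicit anonymous binds, and "require authc" rejects every operation from a session that has not authenticated, including the schema read itself, so tools that fetch the schema before binding break under it; denying anonymous access through the ACLs, as above, is the way to keep the schema readable.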