[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword ACL for radius account

To: scott.walker@magma.ca
Subject: Re: userPassword ACL for radius account
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Thu, 15 Jul 2004 20:04:33 +0200
Cc: Openldap-software@OpenLDAP.org
In-reply-to: <40F6AC55.2010201@magma.ca>
References: <40F6AC55.2010201@magma.ca>
User-agent: Mozilla Thunderbird 0.7.1 (X11/20040701)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyones passwd in the directory for dial-up authentication.

If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...

| The
| radius account is not in the directory.
|
| Would something simple in the first acl like:  by dn="radius" read  work?

Well, assuming that it is a valid dn, and has a userpassword attribute/

|
| # ACL
| access  to attr=userPassword
|         by dn="cn=admin,o=domain"         read
|         by self         read
|         by anonymous    auth
|         by *            none
|
| access  to *
|         by *            read
|


Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9scxrJK6UGDSBKcRAooPAJ0WespzIMs8Wb+rS/gfBnshlPu7/wCgiFBW
GQDR++ZZxwrQ/KZqqMyGeeI=
=wSu2
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: userPassword ACL for radius account
  - From: Scott Walker <scott.walker@magma.ca>

References:
- userPassword ACL for radius account
  - From: Scott Walker <scott.walker@magma.ca>

Prev by Date: userPassword ACL for radius account
Next by Date: Netgroup syntax error
Index(es):
- Chronological
- Thread