
Re: 3 newbie questions : include new schema, ACL,





--On Tuesday, August 31, 2004 8:21 AM -0400 Frederic Medery <fmedery@gmail.com> wrote:

Hello,

My server : Redhat AS 3 (openldap 2.0.x)

When I add another schema to slapd.conf (mic.schema) for example, do
I just have to include it in the slapd.conf  and then restart the
daemon ?

Usually.


Can we use saslRegexp with this version of openldap ?

Is it listed in the man page for slapd.conf for that version?

ACL : I'm using gssapi to connect to kerberos to get my password.
with this acl example (after a kinit kerberos_user):
access to *
   by "uid=kerberos_user,cn=gssapi,cn-auth" write
    by * none

And then I do a ldapsearch -Y

It's always the by * ... that is applied.


Well, the generated DNs I've seen are:

"uid=kerberos_user,cn=<REALM>,cn=gssapi,cn=auth"

you seem to be missing the "cn=<REALM>" bit.

Like for stanford, it would be:

"uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth"

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
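
Added example, not part of the original message: a small Python model of why the `by * none` clause wins for the ACL quoted above, and which RDNs differ between the ACL's DN and a generated SASL DN of the form given in the reply. It assumes exact DN comparison and first-match evaluation of `by` clauses; the realm `example.com` and all function names are constructed for illustration.

```python
import re

# ACL as posted in the question (unchanged).
PAGE_ACL = '''access to *
   by "uid=kerberos_user,cn=gssapi,cn-auth" write
    by * none'''

# Constructed bind DN in the form the reply describes; realm is a placeholder.
SAMPLE_BIND_DN = "uid=kerberos_user,cn=example.com,cn=gssapi,cn=auth"

def split_rdns(dn):
    """Split a DN into lower-cased RDNs with surrounding spaces removed (simplified)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def normalize_dn(dn):
    return ",".join(split_rdns(dn))

def parse_by_clauses(acl):
    """Return [(who, access_level), ...] in the order the clauses appear."""
    found = re.findall(r'\bby\s+(?:"([^"]*)"|(\S+))\s+(\w+)', acl)
    return [(quoted or bare, level) for quoted, bare, level in found]

def first_match(acl, bind_dn):
    """Evaluation stops at the first clause whose <who> matches; '*' matches anyone."""
    target = normalize_dn(bind_dn)
    for who, level in parse_by_clauses(acl):
        if who == "*" or normalize_dn(who) == target:
            return who, level
    return None, "none"  # no clause matched: access is denied

def missing_rdns(acl_dn, bind_dn):
    """RDNs present in the generated bind DN but absent from the DN in the ACL."""
    have = set(split_rdns(acl_dn))
    return [rdn for rdn in split_rdns(bind_dn) if rdn not in have]

def corrected_acl(bind_dn):
    """Same ACL shape as the question, with the generated DN in the first clause."""
    return 'access to *\n   by "%s" write\n   by * none' % bind_dn

if __name__ == "__main__":
    acl_dn = parse_by_clauses(PAGE_ACL)[0][0]
    print("matched clause:", first_match(PAGE_ACL, SAMPLE_BIND_DN))
    print("RDNs the ACL DN lacks:", missing_rdns(acl_dn, SAMPLE_BIND_DN))
    print("after correction:", first_match(corrected_acl(SAMPLE_BIND_DN), SAMPLE_BIND_DN))
```

Run against the posted ACL, the comparison reports both the realm component and `cn=auth` as absent, since the posted clause ends in `cn-auth`.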