
Re: How-to secure PosixAccount attr ?



At 01:16 PM 12/7/2004, FM wrote:
>server openldap 2.2.17, with sasl auth (krb5)
>
>access to dn.regex="^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$"
>        attrs=posixAccount
>        by anonymous auth
>        by users     read
>        by self      read
>
>The prob is that if I use id user1 for example, the BIND="" unless I hardcode it on in ldap.conf.

You must be referring to some non-OpenLDAP ldap.conf.  If
slapd(8) is reporting BIND="", then the client is anonymous.

>How can I secure those info ?

Well, first you likely need to have the client authenticate.

>Is there a way to pass the current DN on the user ?

Maybe, see the client documentation about what authentication
options it offers and how to configure those options.

Kurt
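
Added example, not part of the original message or of OpenLDAP: a small log check that lists searches performed on connections with no authenticated identity, which is the condition the reply describes. The log lines are constructed in the shape of slapd's stats-level output, and the function name, DNs and realm are assumptions. In this constructed log the SASL bind on conn=11 also starts with dn="" and only the later mech= line carries the mapped DN, so the check keys on that line rather than on the first BIND line.

```python
import re

# Constructed sample lines modelled on slapd stats-level logging;
# connection numbers, DNs and the realm are made up for this example.
SAMPLE_LOG = '''\
conn=10 op=0 BIND dn="" method=128
conn=10 op=0 RESULT tag=97 err=0 text=
conn=10 op=1 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
conn=11 op=0 BIND dn="" method=163
conn=11 op=0 BIND authcid="user1@EXAMPLE.COM" authzid="user1@EXAMPLE.COM"
conn=11 op=0 BIND dn="uid=user1,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
conn=11 op=0 RESULT tag=97 err=0 text=
conn=11 op=1 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(uid=user1)"
conn=12 op=0 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(uid=user2)"
'''

# A bind request: resets the connection to anonymous until it completes.
BIND_REQ = re.compile(r'conn=(\d+) op=\d+ BIND dn="[^"]*" method=\d+')
# A completed bind: carries the DN the connection is now bound as.
BIND_OK = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=\S+')
SEARCH = re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)"')


def anonymous_searches(log_text):
    """Return (conn, base) for every search issued with an empty bind DN."""
    bound = {}   # conn id -> DN currently bound ("" means anonymous)
    hits = []
    for line in log_text.splitlines():
        if m := BIND_REQ.search(line):
            bound[m.group(1)] = ""
        elif m := BIND_OK.search(line):
            bound[m.group(1)] = m.group(2)
        elif m := SEARCH.search(line):
            # Connections that never bound are anonymous as well.
            if not bound.get(m.group(1), ""):
                hits.append((int(m.group(1)), m.group(2)))
    return hits


if __name__ == "__main__":
    for conn, base in anonymous_searches(SAMPLE_LOG):
        print(f"conn={conn} searched {base} anonymously")
```
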