[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How-to secure PosixAccount attr ?

To: FM <dist-list@LEXUM.UMontreal.CA>
Subject: Re: How-to secure PosixAccount attr ?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 08 Dec 2004 22:49:43 -0800
Cc: OpenLDAP-Software <openldap-software@OpenLDAP.org>
In-reply-to: <41B61D9B.9050708@lexum.umontreal.ca>
References: <41B61D9B.9050708@lexum.umontreal.ca>

At 01:16 PM 12/7/2004, FM wrote:
>server openldap 2.2.17, with sasl auth (krb5)
>
>access to dn.regex="^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$"
>        attrs=posixAccount
>        by anonymous auth
>        by users     read
>        by self      read
>
>The prob is that if I use id user1 for examples, the BIND="" unless I harcode it on in ldap.conf.

You must be referring to some non-OpenLDAP ldap.conf.  If
slapd(8) is reporting BIND="", then the client is anonymous.

>How can I secure those info ?

Well, first you likely need to have the client authenticate.

>Is there a way to pass the current DN on the user ?

Maybe, see the client documentation about what authentication
options it offers and how to configure those options.

Kurt

References:
- How-to secure PosixAccount attr ?
  - From: FM <dist-list@LEXUM.UMontreal.CA>

Prev by Date: Re: How-to secure PosixAccount attr ?
Next by Date: Re: About Openldap Schema Problem.
Index(es):
- Chronological
- Thread