[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate acl for different access methods

To: openldap-software@OpenLDAP.org
Subject: Re: separate acl for different access methods
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Tue, 08 Feb 2005 22:12:25 +0100
In-reply-to: <cub610$pg$1@sea.gmane.org> (Jason Joines's message of "Tue, 08 Feb 2005 14:06:12 -0600")
Organization: AVCI
References: <cub610$pg$1@sea.gmane.org>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

Jason Joines <joines@bus.okstate.edu> writes:

>   I'm using OpenLDAP 2.2.15 on SuSE Linux 9.2.  With this slapd.conf
>   and modifications to the permissions on the socket file
>   /var/run/slapd/ldapi and it's parent directory I have this situation.
>  All searches using tcp require TLS as desired.

> slave:~ #
> slave:~ # ldapsearch -x -H ldapi://%2fvar%2frun%2fslapd%2fldapi uid=bogus dn
> # search result
> search: 2
> result: 0 Success
>
>   However, authenticated searches do require authentication even when
>   using the socket.  I don't want this.

> security  ssf=1 update_ssf=128 simple_bind=128
> password-hash {MD5}

ldapi has a built in ssf of 71, you either reduce your ssf
definition or add a transport declaration, see man slapd.conf(5)

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53

Follow-Ups:
- Re: separate acl for different access methods
  - From: Jason Joines <joines@bus.okstate.edu>

References:
- separate acl for different access methods
  - From: Jason Joines <joines@bus.okstate.edu>

Prev by Date: Admin Console for OpenLdap
Next by Date: A Good Book on Open LDAP
Index(es):
- Chronological
- Thread