Re: Connection failures from OS X, appears to be TLS-related
- To: openldap-software@OpenLDAP.org
- Subject: Re: Connection failures from OS X, appears to be TLS-related
- From: "Ben Beuchler" <insyte@gmail.com>
- Date: Tue, 6 Jun 2006 15:13:58 -0500
- In-reply-to: <Pine.SOL.4.58.0605221709560.10297@toolbox.rutgers.edu>
- References: <479b70ed0605050920y36c7c5bbn661085417f858b76@mail.gmail.com> <Pine.SOL.4.58.0605051939090.10297@toolbox.rutgers.edu> <479b70ed0605221400q35af1ecrd10e4cb49479da73@mail.gmail.com> <Pine.SOL.4.58.0605221709560.10297@toolbox.rutgers.edu>
On 5/22/06, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> Care to share the ACL you're using? I've tried both of these:
In the global section (before any "database" lines), first access line:
access to dn.exact=""
        attrs=supportedSASLMechanisms
        by * none
So with that in place, I lose access to any of the other
configuration-related entries. For example, some of the GUI LDAP
tools (e.g., JXplorer) want to use the data from subschemaSubentry to
find the available objectClasses (by looking in cn=Subschema).
Clearly I can fix this by making the very next line after the above
ACL something like this:
access to dn.subtree=""
        by * read
However, that's a little disconcerting. What are the default
permissions on this "metadata" section of the tree? Is 'by * read' a
reasonable choice?
Thanks!
-Ben
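
An added example, not part of the original post and not OpenLDAP's code: a simplified Python model of slapd's first-match ACL evaluation, showing why the single supportedSASLMechanisms rule above also hides cn=Subschema. The SCOPED rule set follows the commented sample policy in OpenLDAP's stock slapd.conf; the helper names and the uid=ben,dc=example,dc=com entry are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation. Assumption: only dn.exact/dn.base,
# attrs= and "by * <level>" are modelled; regex, subtree and filters are not.
PAGE_ACL = ['access to dn.exact="" attrs=supportedSASLMechanisms by * none']
# Narrow grants modelled on the sample policy in OpenLDAP's stock slapd.conf.
SCOPED = PAGE_ACL + [
    'access to dn.base="" by * read',
    'access to dn.base="cn=Subschema" by * read',
]

def parse(lines):
    """Parse 'access to <what> [attrs=a,b] by <who> <level> ...' directives."""
    rules = []
    for line in lines:
        tok = line.split()[2:]                 # drop "access to"
        what, rest = tok[0], tok[1:]
        attrs = None
        if rest[0].startswith("attrs="):
            attrs = {a.lower() for a in rest[0][len("attrs="):].split(",")}
            rest = rest[1:]
        by = [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest), 3)]
        dn = None if what == "*" else what.split("=", 1)[1].strip('"').lower()
        rules.append({"dn": dn, "attrs": attrs, "by": by})
    return rules

def access(rules, dn, attr):
    """Return the level an anonymous client gets for attr on entry dn."""
    if not rules:
        return "read"          # no access directives at all: everyone may read
    for rule in rules:         # first <what> that matches decides
        if rule["dn"] is not None and rule["dn"] != dn.lower():
            continue
        if rule["attrs"] is not None and attr.lower() not in rule["attrs"]:
            continue
        for who, level in rule["by"]:
            if who == "*":
                return level
        return "none"          # implicit trailing "by * none"
    return "none"              # nothing matched: implicit "access to * by * none"

if __name__ == "__main__":
    probes = [("", "supportedSASLMechanisms"), ("", "subschemaSubentry"),
              ("cn=Subschema", "objectClasses"),
              ("uid=ben,dc=example,dc=com", "userPassword")]  # constructed entry
    for name, cfg in [("no ACLs", []), ("page ACL", PAGE_ACL), ("scoped", SCOPED)]:
        rules = parse(cfg)
        print(name, [access(rules, dn, attr) for dn, attr in probes])
```

In the model, the scoped rules restore read access to the root DSE and cn=Subschema while the constructed directory entry stays at "none".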