On 27-Jun-06, at 2:01 PM, Kurt D. Zeilenga wrote:
At 09:38 AM 6/27/2006, Jason Lixfeld wrote:
I think I'm somewhat versed in the basics of OpenLDAP, but the concept of access policies eludes me because they are far beyond my current level of comprehension. That being said, I'm doing some trial by fire to try to make sense of how they work and hopefully will then be able to relate some of what I read in the manual to what I've made happen in tests...
I'm trying to get a proxyuser working so I don't have to do everything as Manager.
I put this entry into my slapd.conf as per some tutorials I read:
access to attrs=userPassword by dn="cn=Proxyuser,dc=example,dc=ca" read
and likewise, these entries into my ldap.conf:
binddn cn=Proxyuser,dc=example,dc=ca
bindpw ****
rootbinddn cn=Proxyuser,dc=example,dc=ca
and finally, the Proxyuser password in /etc/ldap.secret.
bindpw and rootbinddn are not OpenLDAP configuration directives. binddn is, but it's not relevant here as you used the -D flag (or were specifying an anonymous bind). I also do not see the relevance of an ldap.secret given you didn't tell ldapsearch(1) to use a password file (via the -y flag).
Also, I'm a little confused about the difference between binddn and rootbinddn.
Well, given that rootbinddn is not an OpenLDAP ldap.conf(5) directive, it's ignored. As was bindpw. In your use of ldapsearch(1), the binddn directive was ignored because either you provided a binddn or were specifying an anonymous bind (e.g., no password).
Note that discussion regarding the difference of directives in non-OpenLDAP software packages (such as PAM/LDAP and NSS/LDAP) is off-topic here.
- Kurt
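Editor's added example, not part of the thread: the slapd.conf(5) and ldap.conf(5) fragments below show the least-privilege way to set up the read-only proxy account Jason was after, with the ordering rule that usually trips people up. The DN cn=Proxyuser,dc=example,dc=ca and the suffix dc=example,dc=ca come from the thread; the server URI ldap://ldap.example.ca and the directory contents are assumed.

```conf
# ---- slapd.conf (server side): access control -------------------------
# Added example, not from the thread. Assumes the suffix dc=example,dc=ca
# and the proxy DN cn=Proxyuser,dc=example,dc=ca used in the thread.
#
# slapd evaluates "access to" directives in the order written and stops at
# the first <what> that matches the entry/attribute being accessed. Inside
# that directive the first matching "by" clause wins, and an implicit
# "by * none" ends every list. The narrow userPassword rule therefore
# MUST appear before any "access to *" rule: if the two stanzas below were
# swapped, "access to *" would match userPassword first and "by users read"
# would hand every authenticated user every password hash.

# 1. Password attribute. Only the owner may change it; the proxy may read
#    the hash (needed only if the proxy verifies passwords itself; if it
#    merely binds as the user, delete the "by dn.exact" line); everyone
#    else may use the attribute solely to bind ("auth"); nothing further.
#    dn.exact is the explicit spelling of the default dn="..." match.
access to attrs=userPassword
        by self write
        by dn.exact="cn=Proxyuser,dc=example,dc=ca" read
        by anonymous auth
        by * none

# 2. Everything else: readable by the proxy and by authenticated users,
#    nothing for anonymous clients.
access to *
        by dn.exact="cn=Proxyuser,dc=example,dc=ca" read
        by users read
        by * none

# ---- ldap.conf (client side) ------------------------------------------
# Assumed server location. ldap.conf(5) has no bindpw or rootbinddn
# directive, and BINDDN is a user-only option (honoured in ~/.ldaprc, not
# in the system-wide file), so the bind DN and password are supplied on
# the ldapsearch command line with -D and -y/-W instead.
BASE    dc=example,dc=ca
URI     ldap://ldap.example.ca
```

To check the ACL from the proxy's point of view, bind as it explicitly and read the attribute the rule protects, e.g. `ldapsearch -x -D cn=Proxyuser,dc=example,dc=ca -y /etc/ldap.secret -b dc=example,dc=ca '(uid=jdoe)' userPassword` (uid=jdoe is an assumed entry). Note that -y uses the complete contents of the file as the password, so a trailing newline in /etc/ldap.secret makes the bind fail; create the file with `printf '%s' 'secret' > /etc/ldap.secret` and keep it mode 0600. Repeat the same search with `-x` alone (anonymous) and as an ordinary user: the first should return the entry without userPassword and the second should return it with the attribute suppressed, which confirms that the userPassword stanza is the one being hit.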