[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: strong bind with back-ldap



Dieter Kluenter wrote:
> Hello,
> 
> Pierangelo Masarati <ando@sys-net.it> writes:
> 
>> Dieter Kluenter wrote:
>>> Hi,
> 
>>> | acl-bind
>>> |         bindmethod=sasl
>>> |         saslmech=digest-md5
>>> |         authcId=admanager
>>> |         credentials=xxx
>>> | #idassert-authzFrom dn.regex:cn=(.*),ou=(*)?dc=dkluenter,dc=de
>>> | idassert-bind
>>> |         bindmethod=sasl
>>> |         saslmech=digest-md5
>>> |         authzId=u:admanager
> 
> I got it properly working in the end.
> acl-bind rules as above
> 
> idassert-bind
>         bindmethod=sasl
>         saslmech=digest-md5
>         authcId=admanager
>         credentials=xxx
>         mode=self
> 
> the manual page slapd-ldap is not quite clear about mode parameters, so
> I was relying on default, thats why I configured authzId=u:admanager.

Sorry for misleading you.  I also thought the default was "self".  This
definitely needs clarification.

Cheers, p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------