
Re: Restricted/controlled simple bind



Howard Chu wrote:

>> access to attrs=userPassword
>>     by group="ou=Simple Bind" auth
>>     by * break
> 
> Not quite. "auth" operations are always anonymous.
> 
> It would need to be something like
> 
> access to dn.one="ou=Simple Bind" attrs=userPassword
>     by anonymous auth
> 
>> access to attrs=userPassword val.regex="^{SASL}.*"
>>     by * auth

Right.  A set would allow one to define a group of users allowed to simple
bind without physically placing them under that entry; something like

access to attrs=userPassword
    by set="[ou=Simple Bind]/member & this" auth

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------