[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: by users in <WHO> field

To: openldap-software@OpenLDAP.org
Subject: Re: by users in <WHO> field
From: Michael Ströder <michael@stroeder.com>
Date: Sat, 03 Apr 2010 11:07:13 +0200
In-reply-to: <CE535B0F-445A-48E4-96E4-43A209404E65@OpenLDAP.org>
References: <4BB4C08B.8090703@stroeder.com> <4BB4FADB.2090804@symas.com> <CAD1828D04EB5543F2A6F8FC@[192.168.1.2]> <30B7FD8D-F9F1-4014-9C5C-0D9419B49BF8@OpenLDAP.org> <4BB645BF.3000205@stroeder.com> <CE535B0F-445A-48E4-96E4-43A209404E65@OpenLDAP.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100317 Lightning/1.0b1 SeaMonkey/2.0.4

Kurt Zeilenga wrote:
> IIRC, if you want all authenticated users without a directory entry to be
> treated as anonymous, you can perform a authzid mapping through an LDAP
> lookup and basically force that behavior.

Actually my slapd.conf contains a authz-regexp directive for that purpose. But
although there's no authz-DN found for the technical authc-DN the client is
treated as authenticated. Yes, this is described in slapd.conf(5) but IMO it's
wrong.

So I have to add the work-around <WHO> field Pierangelo suggested to all those
ACLs.

Ciao, Michael.

Follow-Ups:
- Re: by users in <WHO> field
  - From: masarati@aero.polimi.it

References:
- by users in <WHO> field
  - From: Michael Ströder <michael@stroeder.com>
- Re: by users in <WHO> field
  - From: Howard Chu <hyc@symas.com>
- Re: by users in <WHO> field
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: by users in <WHO> field
  - From: Kurt Zeilenga <Kurt@OpenLDAP.org>
- Re: by users in <WHO> field
  - From: Michael Ströder <michael@stroeder.com>
- Re: by users in <WHO> field
  - From: Kurt Zeilenga <Kurt@OpenLDAP.org>

Prev by Date: Re: by users in <WHO> field
Next by Date: Re: by users in <WHO> field
Index(es):
- Chronological
- Thread