On Tue, 2010-04-06 at 13:28 -0500, Marcelo de Moraes Serpa wrote:
> Or maybe some ACL configuration I am missing that is somehow affecting
> the read access to userPassword for the specific DN.

I'd bet this is the case.

In general: if you haven't explicitly defined an ACL, OpenLDAP is configured to allow anonymous reads -- this is *not* sufficient to auth. You will want to allow anonymous auth to the appropriate DNs.

Use ACL debugging (olcLogLevel 128) to verify. Also, slapacl is a useful tool you can use to verify your ACL setup.

Some worked ACL examples can be found here:

http://www.zytrax.com/books/ldap/ch6/#access

--
Owen Marshall
FacilityONE
omarshall@facilityone.com | (502) 805-2126
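
An ACL of the kind the reply above describes, as an added example that is not part of the original message. A simple bind is evaluated while the connection is still anonymous, so slapd needs `auth` access to userPassword for `anonymous`; `read` access is neither needed nor wanted. The database DN `olcDatabase={1}mdb,cn=config`, the suffix `dc=example,dc=com`, the entry `uid=jdoe` and the config directory path are assumptions, so substitute your own.

```ldif
# Constructed example for ldapmodify against cn=config.
# Rule {0}: userPassword may be compared during a bind (auth) by anonymous,
# changed by the entry's owner, and is invisible to everyone else.
# Rule {1}: everything else stays world-readable, mirroring the default
# behaviour mentioned in the reply; tighten it to suit your directory.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by * read

# Turn on ACL processing in the log (level 128) while testing binds.
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 128

# Check the result without binding. With no -D, slapacl evaluates the
# request as anonymous:
#   slapacl -F /etc/ldap/slapd.d \
#     -b "uid=jdoe,ou=people,dc=example,dc=com" "userPassword/auth"
#   slapacl -F /etc/ldap/slapd.d \
#     -b "uid=jdoe,ou=people,dc=example,dc=com" "userPassword/read"
# The first request should be allowed and the second denied.
```

Rules are evaluated in order and the first matching `to` clause wins, so the userPassword rule has to come before the catch-all `to *` rule.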