[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Security between server and client nodes.

To: openldap-technical@openldap.org
Subject: Re: Security between server and client nodes.
From: Bjørn Ruberg <bjorn@ruberg.no>
Date: Wed, 30 Nov 2011 08:27:44 +0100
In-reply-to: <CAPDKCfdjbz_OFkED6EaCXuRrbNjNchOhS-aD19AeAK0f-CN_LQ@mail.gmail.com>
References: <CAPDKCff_wciCJa=+oEjVozK4RVDkpNyB=-3uYpqKdw7LLS=8_w@mail.gmail.com> <CAPDKCff4WHo5k23=2UN1G9efd1p18Yu+knw8jpDzG9csh=zrzw@mail.gmail.com> <CAPDKCfdjbz_OFkED6EaCXuRrbNjNchOhS-aD19AeAK0f-CN_LQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0

On 11/30/2011 08:01 AM, Jayavant Patil wrote:

[...]

I have two users ldap_6 and ldap_7. I want to restrict a user tosee his own data only.
     In slapd.conf, I specified the rule as follows:
           access to *
              by self write.
              by * none

     But ldap_6 can see the ldap_7 user entries (or vice versa) with
$ldapsearch -x -v -D "cn=root,dc=abc,dc=com" -b"ou=People,dc=abc,dc=com" "uid=ldap_7"
   Any suggestions?


The above search is done as cn=root, not uid=ldap_6.

If cn=root is your rootdn, it can see everything.

--
Bjørn

References:
- Security between server and client nodes.
  - From: Jayavant Patil <jayavant.patil82@gmail.com>
- Re: Security between server and client nodes.
  - From: Jayavant Patil <jayavant.patil82@gmail.com>
- Re: Security between server and client nodes.
  - From: Jayavant Patil <jayavant.patil82@gmail.com>

Prev by Date: Re: Security between server and client nodes.
Next by Date: Re: Security between server and client nodes.
Index(es):
- Chronological
- Thread