Geo,
Geo P.C. schrieb (14.05.2013 16:05 Uhr):First: you should read "man slapd.access" carefully.
But with this no user can able to login. But we change olcAccess: {3}to dn.subtree="ou=People,dc=prime,dc=ds,dc=geo,dc=com" by self write by * write , all users can login.
But actually we need is only the user1 need only to login to gitlab application. And the users user2 and user3 need only to login to zabbix application
Can anyone please help me to configure acl for this. Thanks in advance.
Second: a) Try to understand what your application wants to do and
b) try to reproduce this with standard ldap tools like
ldapsearch.
Point a) can be done be observing the slapd log for actions taken by your application or read the documentation of your application.
What usually happens, is:
- App bind with binddn (does this work?)
- bind user searches for a given uid under basedn (does this work?)
=> reproduce with ldapsearch -D -w -x -b ...
- If user is found by the search, App will bind as user with found dn.
(does this work?)
=> reproduce with ldapsearch -D -w -x ...
After you know what really does happen, set the ACLs accordingly.
Test again.
Marc