
Re: About ldapwhoami



Jacques Foucry wrote:
> On 30/05/2013 16:50, Dan White wrote:
> Hello Dan,
> 
>> Does ldapsearch work using the same credentials?
> 
> Definitely no.
> 
> It works with the rootdn:
> 
> ldapsearch -x -D cn=admin,dc=example,dc=com -W
> 
> but it did not work with a user. Sounds like an ACL issue.
> 
> Here is my ACL
> 
> access to attrs=userPassword
>         by self write
>         by dn="cn=syncuser,dc=example,dc=com" read
>         by anonymous auth
>         by * none
> 
> access to attrs=userPassword
>         by self write
>         by anonymous auth
>         by * none

Do you really have two clauses for 'userPassword'? Why?

You can find some ACL recipes in the FAQ:
http://www.openldap.org/faq/data/cache/189.html

Also see man page slapd.access(5):
http://www.openldap.org/software/man.cgi?query=slapd.access

I'd just go for:

access to attrs=userPassword
    by self write
    by dn="cn=syncuser,dc=example,dc=com" read
    by * auth

Ciao, Michael.
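
Background to the question about the two clauses: slapd checks `access to` directives in file order and stops at the first one whose target matches, so a later clause with the same target is never consulted unless the earlier one uses the `break` control (see slapd.access(5)). The Python check below is an added example, not part of the original message; it flags such unreachable clauses. Its function names and the simplified parsing (no " by " inside a DN) are assumptions.

```python
import re

# Constructed sample: the two clauses quoted in the message above.
QUOTED_ACL = """\
access to attrs=userPassword
        by self write
        by dn="cn=syncuser,dc=example,dc=com" read
        by anonymous auth
        by * none

access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
"""

def parse_access(conf):
    """Return [(what, [by-clause, ...])] for each 'access to' directive, in order."""
    directives = []
    for line in conf.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in " \t" and directives:  # leading whitespace continues a directive
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    rules = []
    for d in directives:
        head, *bys = re.split(r"\s+by\s+", d)
        m = re.match(r"access\s+to\s+(.+)$", head)
        if m:
            rules.append((" ".join(m.group(1).split()), bys))
    return rules

def find_shadowed(conf):
    """Return [(what, first_pos, dead_pos)]; positions count access directives from 1."""
    first_seen, findings = {}, []
    for pos, (what, bys) in enumerate(parse_access(conf), start=1):
        if what in first_seen:
            findings.append((what, first_seen[what], pos))
        elif not any(b.split()[-1:] == ["break"] for b in bys):
            # Without 'break', evaluation ends here for this target.
            first_seen[what] = pos
    return findings

if __name__ == "__main__":
    for what, first, dead in find_shadowed(QUOTED_ACL):
        print(f"directive {dead} ({what}) is shadowed by directive {first}")
```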

