[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control with pbind overlay

To: openldap-technical@openldap.org
Subject: Re: access control with pbind overlay
From: Ferenc Wagner <wferi@niif.hu>
Date: Mon, 29 Sep 2014 00:14:55 +0200
In-reply-to: <87siji1zre.fsf@lant.ki.iif.hu> (Ferenc Wagner's message of "Tue, 23 Sep 2014 10:56:21 +0200")
References: <87siji1zre.fsf@lant.ki.iif.hu>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Ferenc Wagner <wferi@niif.hu> writes:

> I've got a partial syncrepl replica, which (among others) misses the
> userPassword attributes of the provider database.  I added a pbind
> overlay to the replica, which forwards binds to the provider, thus it
> became possible to do simple binds against the replica.  But access
> control on the replica does not honor these binds properly: "by users"
> works, but "by self" does not.  Before I waste too much time debugging:
> is it supposed to work at all?  I tested this under 2.4.31 with:
>
> dn: olcDatabase={1}mdb,cn=config
> olcAccess: to * by dn.exact=gidNumber=119+uidNumber=116,cn=peercred,cn=external,cn=auth read by self read by * none
> olcSyncrepl: rid=1 [...]
>
> The external auth part works, and if I replace self with users, that
> works as well (but is not what I want).  Do I expect too much?

Hi,

Would anybody please provide some guidance on this problem?
-- 
Thanks,
Feri.

Follow-Ups:
- Re: access control with pbind overlay
  - From: Dieter Klünter <dieter@dkluenter.de>

References:
- access control with pbind overlay
  - From: Ferenc Wagner <wferi@niif.hu>

Prev by Date: can a automountMap be associated with a nisNetgroup
Next by Date: Re: access control with pbind overlay
Index(es):
- Chronological
- Thread