RE: I can't seem to find the answer to these olcAccess questions
- To: "'Ryan Tandy'" <ryan@nardis.ca>
- Subject: RE: I can't seem to find the answer to these olcAccess questions
- From: "Nick Gray" <nick@graysaustin.com>
- Date: Tue, 12 Sep 2017 21:40:46 -0500
- Cc: openldap-technical@openldap.org
- Content-language: en-us
- In-reply-to: <20170912193832.a3ggdrykkqxbcbcs@comet.nardis.ca>
- References: <00a601d32b43$7e68d8c0$7b3a8a40$@graysaustin.com> <20170912193832.a3ggdrykkqxbcbcs@comet.nardis.ca>
I read the man page, but I guess I understood that the first rule only
matched everything as far as "what" to access. I thought it went what,
who, permissions.
My intent was to enable both of these to work:
access to all
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage, and
access to all dn.base=" cn=Manager,dc=local,dc=bob,dc=com" to manage as well.
The first one I am using, I guess as intended from the command line, and the
second I would use from the command line as well, in a tool, etc.
What would that ruleset look like?
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On
Behalf Of Ryan Tandy
Sent: Tuesday, September 12, 2017 2:39 PM
To: Nick Gray <nick@graysaustin.com>
Cc: openldap-technical@openldap.org
Subject: Re: I can't seem to find the answer to these olcAccess questions
On Mon, Sep 11, 2017 at 04:18:20PM -0500, Nick Gray wrote:
>With this config, shouldn't this work as well
>
>ldapsearch -x -W -D cn=Manager,dc=local,dc=bob,dc=com -b cn=config
>olcDatabase=\*
The rules on your config database are:
olcAccess: {0} to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
olcAccess: {1} to * by dn="cn=Manager,dc=local,dc=bob,dc=com" manage
The first matches everything (*), so the second is never consulted.
>My other question is where is there a reference to exactly what
>"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" means. I
>can't seem to find one.
http://www.openldap.org/doc/admin24/sasl.html#IPC%20(ldapi%3A%2F%2F%2F)%20Identity%20Format
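The ruleset Nick asks about, written out as an added example (this is not from the thread and not the poster's actual configuration). It assumes the rules belong on the config database at olcDatabase={0}config,cn=config, the standard DN of the cn=config database, and it uses the Manager DN exactly as it appears in the existing {1} rule. slapd stops at the first "to" clause whose target matches and then walks only that clause's "by" clauses in order, so both identities have to be "by" clauses of a single rule; a second "to *" rule is dead code. The trailing "by * none" is slapd's implicit default, written out here so the fall-through is visible:

```ldif
# Replace the two separate "to *" rules on the config database with one
# rule that has two "by" clauses. Assumed target DN: olcDatabase={0}config,cn=config.
# Continuation lines start with two spaces: LDIF folding strips the first,
# the second keeps "to *" and "by ..." separated.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.base="cn=Manager,dc=local,dc=bob,dc=com" manage
  by * none
```

Apply it over the local socket as root, which is the identity the first "by" clause names, e.g. ldapmodify -Y EXTERNAL -H ldapi:/// -f the-file.ldif, and then re-run the search from the original question, ldapsearch -x -W -D cn=Manager,dc=local,dc=bob,dc=com -b cn=config olcDatabase=\*, to confirm the Manager bind now reaches the config entries. Note that "manage" on cn=config lets that Manager identity rewrite the access rules themselves, so only grant it to a DN whose password you treat as equivalent to root on the box.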