[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACLs

To: Quanah Gibson-Mount <quanah@symas.com>, jtrupp@symas.com, openldap-technical@openldap.org
Subject: Re: Problem with ACLs
From: Bill Bradford <mrbill@mrbill.net>
Date: Fri, 31 Aug 2018 13:49:09 -0500
Content-disposition: inline
In-reply-to: <DD243247105441563DE258D1@[192.168.1.10]>
References: <20180830191722.GW12349@mrbill.net> <005301d4413a$a62c59a0$f2850ce0$@symas.com> <20180831175550.GY12349@mrbill.net> <C8B3D1C51539B07B7C6D331E@[192.168.1.10]> <20180831182518.GB12349@mrbill.net> <DD243247105441563DE258D1@[192.168.1.10]>
User-agent: Mutt/1.9.3 (2018-01-21)

On Fri, Aug 31, 2018 at 11:33:59AM -0700, Quanah Gibson-Mount wrote:

Hi Bill,
This has nothing to do with ACLs. You failed to even bind to theserver. This means that either:
(a) The user DN provided to the -D option does not exist on the ldapserver
or
(b) you provided the wrong password for the user
--Quanah


RESOLVED!

So this apparently boils down to something wrong with how I created the new
account.  No idea why I could bind w/ADS but not ldapsearch, but anyway:

When I added an ACL for *my* user account to be able to read everything,
and bound using MY account and password (instead of the new account),
EVERYTHING works as expected - full access to other user's password hashes,
but no ability to make changes.

So I just need to figure out what went wrong there and fix it, and that's
all on my end.

Thanks again everyone for your help.

Bill

--
Bill Bradford
Houston, Texas USA

References:
- Problem with ACLs
  - From: Bill Bradford <mrbill@mrbill.net>
- RE: Problem with ACLs
  - From: Jason Trupp <jtrupp@symas.com>
- Re: Problem with ACLs
  - From: Bill Bradford <mrbill@mrbill.net>
- Re: Problem with ACLs
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Problem with ACLs
  - From: Bill Bradford <mrbill@mrbill.net>
- Re: Problem with ACLs
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Problem with ACLs
Index(es):
- Chronological
- Thread