Searching the LDAP Database?
Hello;
I realize this question shows my lack of experience with LDAP, but here
goes...
I am configuring a qmail/LDAP server, and I ran across something I need to fix:
the fact that the LDAP directory is searchable anonymously. I'd really like
to use the qmail user's information to control who can access the LDAP
server (objectclass=qmailUser). For example, my base dn is as follows: dn:
dc=tbred, dc=com. From Outlook 2000, I can enter this string as my base dn,
and search to my heart's content.
My question is this: how can I change this to force users to authenticate
using the same username/password pair they use for mail? How can I prevent
the rootdn from showing up in a search?
I've played a bit with the "access" commands in slapd.conf, but to no avail.
To my mind, the following should at least prevent the rootdn from being
displayed:
    rootdn "cn=Manager, dc=tbred, dc=com"
    access to dn="cn=Manager, dc=tbred, dc=com"
        by self write
        by * none
However, my search still turns up the Manager entry...
Help?
Jim McConnell
--
James K. McConnell (jkm@tbred.com)
Network Administrator
Phone: (732) 560-1377 x7732
Fax: (732) 560-1594