
Re: Searching the LDAP Database?



Hi Jim,

An undocumented "feature" of the slapd.conf file is
that the access to command takes spaces if you continue
on a newline.  So where you have

access to dn="cn=Manager, dc=tbred, dc=com"
by self write
by * none

you probably want

access to dn="cn=Manager, dc=tbred, dc=com"
 by self write
 by * none

This detail isn't documented anywhere in either U-M's docs,
or (last I looked, which was a while ago) in the OpenLDAP
docs.

Also, make sure you have

defaultaccess none

to deny any access that's not explicitly given in slapd.conf
access to directives.

Theoretically, that should be all you need; try it and see.

--Keith
kkeller@sirius.com

Jim McConnell wrote:
[snip]
> My question is this:  how can I change this to force users to authenticate
> using the same username/password pair they use for mail?  How can I prevent
> the rootdn from showing up in a search?
> 
> I've played a bit with the "access" commands in slapd.conf, but to no avail.
> To my mind, the following should at least prevent the rootdn from being
> displayed:
> 
> rootdn "cn=Manager, dc=tbred, dc=com"
> access to dn="cn=Manager, dc=tbred, dc=com"
> by self write
> by * none
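
Added example, not part of the original thread or of OpenLDAP: a small Python check for the two problems discussed above, "by" clauses that start in column 0 (so they do not continue the "access to" line) and a missing "defaultaccess none". The function names and sample configs are constructed for illustration, and the parser is simplified: it skips blank lines and lines starting with "#".

```python
# Constructed sample: the layout from the thread, with "by" in column 0.
SAMPLE_BROKEN = '''\
rootdn "cn=Manager, dc=tbred, dc=com"
access to dn="cn=Manager, dc=tbred, dc=com"
by self write
by * none
'''

# Constructed sample: indented "by" clauses plus the default-deny directive.
SAMPLE_FIXED = '''\
rootdn "cn=Manager, dc=tbred, dc=com"
defaultaccess none
access to dn="cn=Manager, dc=tbred, dc=com"
 by self write
 by * none
'''

def logical_lines(text):
    """Yield (first_line_no, joined_text); indented lines continue the previous one."""
    current = None
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # simplification: blanks and comments are ignored
        if raw[0] in " \t" and current:
            current[1] += " " + raw.strip()
        else:
            if current:
                yield tuple(current)
            current = [n, raw.strip()]
    if current:
        yield tuple(current)

def lint(text):
    """Return a list of (line_no, message); line_no 0 means a file-wide finding."""
    findings, default_deny = [], False
    for n, line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "by":
            findings.append((n, "'by' starts in column 0; indent it to continue 'access to'"))
        elif words[0].lower() == "access" and "by" not in words[1:]:
            findings.append((n, "'access to' has no 'by' clause on its logical line"))
        elif [w.lower() for w in words[:2]] == ["defaultaccess", "none"]:
            default_deny = True
    if not default_deny:
        findings.append((0, "no 'defaultaccess none' directive found"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE_BROKEN):
        print(f"line {n}: {msg}")
```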