[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with ACLs..

To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Subject: Re: Problems with ACLs..
From: "Mayers, Philip J" <p.mayers@ic.ac.uk>
Date: Sat, 16 Sep 2000 20:39:04 +0100


Yes, you are of course right. Fixing the ACLs fixed most of it...

It turns out that the SASL UID was "UID=pjm3" rather than
"UID=pjm3+realm=NET.IC.AC.UK". I suspect that were I coming from another
realm, the realm would actually be there, i.e. pjm3@IC.AC.UK would be
"UID=pjm3+realm=IC.AC.UK", but a principal in the same realm doesn't have a
realm. Is that right?

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+ 

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: 16 September 2000 20:11
To: Mayers, Philip J
Cc: 'openldap-software@openldap.org'
Subject: Re: Problems with ACLs..


>With SASL and the ACL (GSSAPI or CRAM-MD5, both of which work fine without
>the ACL), I get no output, and "ldap_sasl_interactive_bind_s: DSA is
>unavailable". If I supply a "-Y mech" argument, I simply get no results,
but
>no errors either.

Yes, because of the access controls don't allow any return of
anything.

Follow-Ups:
- Re: Problems with ACLs..
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Atrribute Types/ ObjectClass
Next by Date: Re: Problems with ACLs..
Index(es):
- Chronological
- Thread