[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL's & slapd

To: openldap-software@OpenLDAP.org
Subject: ACL's & slapd
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 07 Oct 2002 10:12:18 -0700
Content-disposition: inline

Okie,

After reading slapd.access several times, I'm completely lost on how I could do something that seems quite simple, but in practice is not working at all, especially when SASL is added in:

If I have:

access to dn=""
	by * read

access to attrs=suKrb5Name
	by * search

access to *
	by dn="suRegID=<my regid>, cn=people,dc=stanford,dc=edu" read

I can't see suKrb5Name in the output when I do an ldapsearch. Note that I'm doing SASL authentication, so it needs search on suKrb5Name to do the saslregexp to authenticate me. If I do

access to attrs=suKrb5Name
	by * search break

It then overwrites the access with the by dn="suRegID=...." read, and then can no longer authenticate me. Shouldn't there be some way to make access to * truly be access to everything, regardless of the preceeding acl's?

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: ACL's & slapd
  - From: Peter Marschall <peter.marschall@mayn.de>

Prev by Date: Re: approx index, enable-phonetic
Next by Date: openLDAP/SASL/KerberosV(heimdal)
Index(es):
- Chronological
- Thread