Re: GSSAPI Binds openldap 2.1.12

[Dieter Kluenter <dieter@dkluenter.de>]

Hi,

"Derek T. Yarnell" <derek@cs.umd.edu> writes:

> On Thu, Jan 23, 2003 at 12:08:36AM +0100, Dieter Kluenter wrote:
>> Have you ever tested with ldapwhoami ?
[...]
> So I think it is authenticating correctly, now my problem is that I don't seem to have
> the right permissions.
>
> access to attr=uid,uidNumber,gidNumber,homeDirectory,mailLocalAddress
>         by dn="cn=staff,dc=csic,dc=umd,dc=edu"
>         by users read
> access to attr=loginShell,gecos,cn,mailroutingaddress,mailHost
>         by dn="cn=staff,dc=csic,dc=umd,dc=edu"
>         by self write
>         by users read

Now I see, why don't you set your acl's to
by dn.subtree="cn=staff,dc=csic,dc=umd,dc=edu"

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour