Re: Clarification on SSL/TLS and GQ problem



Mon, 2003-03-03 at 07:42, Jayson Henkel wrote:

> I have a similar problem to the fellow with the gq issue. I can use
> ldapmodify from localhost, but gq from my laptop fails when I bind with
> the correct dn and password.

GQ works beautifully for me.

> What's interesting is when I do properly
> authenticate with the admin password I see the users field. When I
> don't I see the users information minus the password field. Doesn't this
> mean that the authentication as the admin is successful and I should be
> able to modify entries instead of getting the insufficient access error?

Yes.

> My acls are as follows:
> access to attr=userPassword
>         by dn="cn=admin,dc=sterlingcrane,dc=ca" write
>         by anonymous auth
>         by self write
>         by * auth
>
> access to *
>         by dn="cn=admin,dc=sterlingcrane,dc=ca" write
>         by self write
>         by anonymous read

It doesn't work like that. Make that:

access to * // <-- define base and access to userPassword
	attr=userPassword
	by dn="cn=admin,dc=sterlingcrane,dc=ca" write
	by anonymous auth
	by self write	

access to * // <-- define all of what's left
	by dn="cn=admin,dc=sterlingcrane,dc=ca" write
	by self write
	by anonymous read

You could also have as base:

access to dn="dc=sterlingcrane,dc=ca" in your first rule. In fact, that
would be better.

Don't use // in your ACL!

Best,

Tony

-- 

Tony Earnshaw

All the world is mad, exceptin thee and me
and even thee's a little queer

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
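
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd picks an access level from the two rules suggested above (first matching "access to" clause, then first matching "by" clause, otherwise "none"). The sample user DNs and the function names are constructed for illustration, and DNs are compared as lowercase strings rather than normalized as slapd does.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Assumption: the first "access to" clause whose <what> matches the attribute is
# selected, then the first matching "by" clause decides; no match means "none".
ADMIN = "cn=admin,dc=sterlingcrane,dc=ca"
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two rules from the reply; attrs=None stands for "access to *".
ACL = [
    {"attrs": {"userpassword"},
     "by": [(ADMIN, "write"), ("anonymous", "auth"), ("self", "write")]},
    {"attrs": None,
     "by": [(ADMIN, "write"), ("self", "write"), ("anonymous", "read")]},
]

def who_matches(who, bind_dn, entry_dn):
    """Match one <who> field against the bound identity (None = anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    # Plain DN: lowercase string compare (slapd normalizes DNs properly).
    return bind_dn is not None and bind_dn.lower() == who.lower()

def granted(bind_dn, entry_dn, attr, acl=ACL):
    """Return the access level the ACL grants on entry_dn's attribute."""
    for rule in acl:
        if rule["attrs"] is None or attr.lower() in rule["attrs"]:
            for who, level in rule["by"]:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"   # implicit trailing "by * none"
    return "none"           # no clause matched at all: deny

def allows(bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    user = "uid=jdoe,ou=people,dc=sterlingcrane,dc=ca"    # constructed sample DN
    other = "uid=asmith,ou=people,dc=sterlingcrane,dc=ca"  # constructed sample DN
    for who in (ADMIN, user, other, None):
        print(who, granted(who, user, "userPassword"), granted(who, user, "mail"))
```

In this model an authenticated user who is neither the admin nor the entry's owner ends up with "none" on every attribute, because "by anonymous" matches only unauthenticated binds and the implicit final clause denies everyone else.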