
Re: LDAP access list



Try this:

On the first one, change "by * read" to "by * none",
and on the second one add "by * read".

Not 100%, but you may need to add "by anonymous auth" to the first one
also.

Jonathan Higgins
Network Service Specialist IV
Kennesaw State University
jhiggins@kennesaw.edu


>>> jawed abbasi <jabbasi@yahoo.com> 09/29/03 04:26PM >>>
Hello
 
  I know it's really frustrating to see the same people asking the same
questions, but that's what this list is for. I have done enough reading
and tailing logs after enabling 128.
But I am not getting anywhere with this.
 
I have the following access list
 
on Master and Slave 
 
1) access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword,gecos
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
        by self write
        by * read
 
2) access to dn=".*,dc=navtechinc,dc=com"
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
        by self write
 
If I leave only number 1 active in slapd.access.conf, everything works
cool, users can log in, change password, all that stuff works. As you can
see, I want to hide certain attrs from all users, and only manager and
replica and self are allowed in number 1, but my replication fails in
case of number 1 being active.
But if I add the number 2 access right in slapd.access.conf, then
replication works and users can do all that stuff, but when I do a search
 
ldapsearch -x -h hostname uid=replica, I can see all attrs for
replica, even the passwords, but I want to hide the password attrs, and I
want my replication stuff to still work, but I can't figure out what
particular access list I need to make all this stuff work.
 
Any help hints, redirections will be appreciated.
 
Thanks
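
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd picks an access level (the first "access to" clause covering the attribute is used, then the first matching "by" wins, with an implicit trailing "by * none"), applied to the two rules quoted above and to the change suggested in the reply. The function names are hypothetical, and the model assumes exact DN matching and ignores the "entry" pseudo-attribute and any defaultaccess setting.

```python
# Simplified model of slapd ACL evaluation (assumptions stated in the lead-in).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
SECRET = {"userPassword", "ntPassword", "lmPassword", "gecos"}
MANAGER = "cn=Manager,dc=navtechinc,dc=com"
REPLICA = "uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com"

def acl(secret_tail, other_tail):
    """Build the two-rule list; a rule is (attr set, or None for all; by-list)."""
    head = [(MANAGER, "write"), (REPLICA, "write"), ("self", "write")]
    return [(SECRET, head + secret_tail), (None, head + other_tail)]

# Rules 1 and 2 as posted: rule 1 ends in "by * read", rule 2 has no "by *".
ORIGINAL = acl([("*", "read")], [])
# Reply's suggestion: rule 1 "by anonymous auth" + "by * none", rule 2 "by * read".
SUGGESTED = acl([("anonymous", "auth"), ("*", "none")], [("*", "read")])

def access(rules, who, entry, attr):
    """Level granted to bind DN `who` ("" means anonymous) on entry/attr."""
    for attrs, by_list in rules:
        if attrs is not None and attr not in attrs:
            continue                  # this "access to" does not cover attr
        for subject, level in by_list:
            if (subject == "*" or subject == who
                    or (subject == "self" and who == entry)
                    or (subject == "anonymous" and who == "")):
                return level          # first matching "by" ends evaluation
        return "none"                 # implicit trailing "by * none"
    return "none"                     # no "access to" clause matched

def can(rules, who, entry, attr, need):
    """True if the granted level is at least `need`."""
    return LEVELS.index(access(rules, who, entry, attr)) >= LEVELS.index(need)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for attr in ("userPassword", "cn"):
            print(name, "anonymous", attr, access(rules, "", REPLICA, attr))
```

In this model, "by * none" without "by anonymous auth" leaves anonymous clients with no access to userPassword at all, which is the case the reply's last sentence is guarding against, since a simple bind needs auth access to that attribute.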

