
Re: phpldapadmin Config



On Tue, 2004-07-13 at 13:18, Quanah Gibson-Mount wrote:
> --On Tuesday, July 13, 2004 1:07 PM -0400 Josiah Ritchie 
> <jritchie@bible.edu> wrote:
> 
> >> Did you reindex your database after putting in the eq statement?  If
> >> not,  it will only apply to new entries that get added after the change.
> >
> > I ran slapindex and tried again. This does not appear to have changed
> > anything.
> >
> >> Also, have you tested doing an anonymous bind to your server via
> >> ldapsearch  to see what results you get? (Hint: ldapsearch -x)
> >
> > Ah, this also doesn't work. I tried:
> > ldapsearch -x uid=JosiahRitchie
> > ldapsearch -x ou=People
> > ldapsearch -x cn=JosiahRitchie
> 
> Your ACL's may not be correct then.  You probably also want to more qualify 
> the ldapsearch:
> 
> ldapsearch -x -b"dc=cougarnet,dc=bible,dc=edu" "uid=josiahritchie"
> 
> or
> 
> ldapsearch -x -b "dc=bible,dc=edu" "uid=josiahritchie"

Tried those searches above and they didn't work so I went with
commenting out the ACLs and adding in "access to * by * write" and
things started working as expected.

Now I need to rewrite my ACLs I guess. Here's what I have:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
access to dn=".*,dc=cougarnet,dc=bible,dc=edu" attr="userPassword"
        by dn="cn=Manager,ou=people,dc=cougarnet,dc=bible,dc=edu" write
        by dn="cn=samba,ou=People,dc=cougarnet,dc=bible,dc=edu" write
        by self write
        by * auth

Looks to me like "access to * by anonymous auth" and "access to dn="..."
attr="userPassword" by * auth" should allow this, but obviously I'm
wrong.

Thanks for helping me out with this. It's good to know that we now know
what the problem is and seems like it should be easy to fix with a bit
more knowledge on my part. Appreciate it.

Does dn.base="" equate to dn=".*,dc=cougarnet,dc=bible,dc=edu"?

Thank you,
JSR/
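
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the rules as posted and over the same rules with the userPassword clause moved ahead of the catch-all. The entries uid=alice and uid=bob are constructed, the regex dn=".*,<suffix>" is reduced to a "children of suffix" test, and rootdn bypass is not modelled.

```python
# Added example: simplified model of slapd first-match ACL evaluation.
# Not OpenLDAP code; regex DN matching is reduced to a "children of suffix" test.
SUFFIX = "dc=cougarnet,dc=bible,dc=edu"
MANAGER = "cn=Manager,ou=people," + SUFFIX
SAMBA = "cn=samba,ou=People," + SUFFIX
ALICE = "uid=alice,ou=People," + SUFFIX   # constructed sample entries
BOB = "uid=bob,ou=People," + SUFFIX

def norm(dn):
    return dn.lower().replace(" ", "")

def what_matches(what, entry_dn, attr):
    style, value, attrs = what
    if attrs is not None and attr not in attrs:
        return False
    if style == "*":
        return True
    if style == "base":                      # exactly this DN ("" is the root DSE)
        return norm(entry_dn) == norm(value)
    if style == "children":                  # stands in for dn=".*,<suffix>"
        return norm(entry_dn).endswith("," + norm(value))
    raise ValueError(style)

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return norm(bound_dn) == norm(entry_dn)
    return norm(bound_dn) == norm(who)

def access(rules, bound_dn, entry_dn, attr):
    for what, by_clauses in rules:
        if what_matches(what, entry_dn, attr):   # first matching <what> wins
            for who, level in by_clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level                 # first matching <who> wins
            return "none"                        # implicit "by * none"
    return "none"                                # implicit "access to * by * none"

PASSWORD_RULE = (("children", SUFFIX, {"userPassword"}),
                 [(MANAGER, "write"), (SAMBA, "write"), ("self", "write"), ("*", "auth")])
CATCH_ALL = (("*", None, None), [("self", "write"), ("users", "read"), ("anonymous", "auth")])
ROOT = [(("base", "", None), [("*", "read")]),
        (("base", "cn=Subschema", None), [("*", "read")])]
POSTED = ROOT + [CATCH_ALL, PASSWORD_RULE]       # order as in the message
REORDERED = ROOT + [PASSWORD_RULE, CATCH_ALL]    # specific rule first
```

With POSTED, `access(POSTED, None, ALICE, "uid")` is "auth", which is below the search level an anonymous ldapsearch needs, and `access(POSTED, BOB, ALICE, "userPassword")` is "read" because the catch-all shadows the userPassword clause. With REORDERED, bob drops to "auth" on alice's userPassword and the samba DN gets "write"; anonymous still has only "auth" on other attributes, so whether to grant it read is a separate policy decision.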