
Re: openldap server migration issue



Naveen.X1.Sarabu@chase.com wrote:

access to *
        by self write
#       by users read
        by group.exact="cn=Admin,ou=LdapAdmin,dc=example,dc=com" write
        by * read
#       by anonymous auth

The above does not yield what you probably expect. In fact, the comment in the line "by users read" ends the access rule, and the following "by group..." is treated as garbage (depending on the age of the software you're using, you might get some complaints or warnings if you increase the log level). Please read slapd.conf(5) to understand its syntax. As a consequence of your syntax error, users cannot authenticate, hence the failure.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
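
A lint for the pitfall described in this reply, as an added example that is not part of the original message or of OpenLDAP: it flags a column-0 comment line inside an "access to" directive that is followed by indented "by" clauses. The function name and the treatment of a blank line as ending a directive are assumptions; the sample input is the ACL quoted above.

```python
import re

# Sample input: the ACL quoted in the message above.
SAMPLE = '''access to *
        by self write
#       by users read
        by group.exact="cn=Admin,ou=LdapAdmin,dc=example,dc=com" write
        by * read
#       by anonymous auth
'''

ACCESS_RE = re.compile(r"access\s+to\s", re.IGNORECASE)


def is_continuation(line):
    """slapd.conf continuation line: starts with whitespace and is not blank."""
    return line[:1] in (" ", "\t") and line.strip() != ""


def find_acl_comment_breaks(text):
    """Return (line_no, comment, clauses_after_comment) for every comment
    line that interrupts an access directive's 'by' clauses."""
    findings = []
    lines = text.splitlines()
    in_acl = False
    i = 0
    while i < len(lines):
        line = lines[i]
        if ACCESS_RE.match(line):
            in_acl = True
        elif line.startswith("#") and in_acl:
            # Collect the indented clauses that follow the comment.
            j = i + 1
            while j < len(lines) and is_continuation(lines[j]):
                j += 1
            after = [l.strip() for l in lines[i + 1:j]]
            if after:
                findings.append((i + 1, line.strip(), after))
            in_acl = False
            i = j
            continue
        elif not is_continuation(line):
            # Assumption: a blank line or a new directive ends the rule.
            in_acl = False
        i += 1
    return findings


if __name__ == "__main__":
    for line_no, comment, after in find_acl_comment_breaks(SAMPLE):
        print(f"line {line_no}: comment inside access rule: {comment!r}")
        for clause in after:
            print(f"    clause after the comment: {clause}")
```

Moving the commented-out clauses above the "access to" line, or deleting them, leaves nothing for the check to report.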