stopping anonymous access to userPassword
- To: openldap-technical@openldap.org
- Subject: stopping anonymous access to userPassword
- From: "RAT" <robert3t@netzero.net>
- Date: Thu, 10 Feb 2011 16:14:14 GMT
I'm unaccustomed to the new (non-slapd.conf) way of adding ACLs/ACIs.
I'm trying to exclude anonymous access to the password. We've tried this to no effect:
olcAccess: to dn.base="cn=users,dc=lib-mac,dc=local" by * read
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to attrs=userPassword
  by self write
  by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" read
  by * auth
olcAccess: to dn.subtree=""
  by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" write
  by users read
  by anonymous auth
Robert Threet
http://yesistilluseperl.blogspot.com/
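
Added example (not part of the original post, and not slapd's own code): a simplified Python model of slapd's documented first-match evaluation, applied to the four rules above to show what each kind of client is granted on userPassword. It assumes the rules are evaluated in the order listed (olcAccess values are ordered by their {n} prefix); the entry uid=alice and all function names are hypothetical.

```python
# Simplified model of slapd access evaluation: the first olcAccess rule whose
# "to" clause matches is selected, then its first matching "by" clause decides.
# If no "by" clause matches, slapd's implicit "by * none" applies.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BASE = "cn=users,dc=lib-mac,dc=local"
ADMIN = "uid=diradmin," + BASE

# The four rules from the post, in the order listed there (order is an assumption).
RULES = [
    ({"base": BASE}, [("*", "read")]),
    ({"base": "cn=Subschema"}, [("*", "read")]),
    ({"attr": "userPassword"}, [("self", "write"), (ADMIN, "read"), ("*", "auth")]),
    ({"subtree": ""}, [(ADMIN, "write"), ("users", "read"), ("anonymous", "auth")]),
]

def target_matches(to, entry_dn, attr):
    entry = entry_dn.lower()
    if "base" in to:                      # dn.base: that entry only, not its children
        return entry == to["base"].lower()
    if "subtree" in to:                   # dn.subtree="": every entry
        suffix = to["subtree"].lower()
        return suffix == "" or entry == suffix or entry.endswith("," + suffix)
    return attr.lower() == to["attr"].lower()   # attrs=<name>

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and bind_dn.lower() == who.lower()   # dn.exact

def granted(bind_dn, entry_dn, attr):
    """Return the access level granted to bind_dn (None means anonymous)."""
    for to, by_clauses in RULES:
        if target_matches(to, entry_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"                 # implicit trailing "by * none"
    return "none"                         # no rule matched at all

def can_read(bind_dn, entry_dn, attr):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index("read")

if __name__ == "__main__":
    alice = "uid=alice," + BASE           # constructed sample entry
    for who in (None, alice, ADMIN):
        print(who or "anonymous", "->", granted(who, alice, "userPassword"))
```

The one entry where this model gives anonymous clients read on userPassword is cn=users itself, because the first rule's dn.base match is selected before the attrs=userPassword rule is reached.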