[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL question - minimum rights for Apache HTTP Server Bind User

To: openldap-technical@openldap.org
Subject: ACL question - minimum rights for Apache HTTP Server Bind User
From: Axel Birndt <towerlexa@gmx.de>
Date: Wed, 14 Dec 2011 21:36:58 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110921 Lightning/1.0b2 Mnenhy/0.8.3 Thunderbird/3.1.15

Hi @All,

currently i'am using a special user

"cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"

as bind user in my apache.conf file.

----apache.conf-------
.....
AuthType basic
AuthBasicProvider ldap
AuthName "LDAP-geschuetztes Verzeichnis"
AuthLDAPUrl "ldap://localhost:389/ou=user,dc=2axels-company,dc=de?cn?sub";
AuthLDAPBindDN "cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"
# it doesn't work, if the bind password is encrypted... isn't it ??
#AuthLDAPBindPassword {SHA}pfiSFDDFSAAE$$%j8BTtCUqs9IZWsQ=
# Because this, the password is currently used as an unencrypted one:
AuthLDAPBindPassword xxxxxxxxxxx
Require ldap-group cn=awstats,ou=groups,dc=2axels-company,dc=de
....
----------------------------------

Now my question:

which minimum acl rights are needed for the Bind User:

"cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"

to connect to the ldap server and check the group from the user who tryto login.


I hope my description is understandable...

Thanks and regards

Axel

--


Gruß Axel

------------------------------

Follow-Ups:
- Re: ACL question - minimum rights for Apache HTTP Server Bind User
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: ACL question - minimum rights for Apache HTTP Server Bind User
  - From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>

Prev by Date: Re: Account question
Next by Date: slapd-ldap as proxy to active directory
Index(es):
- Chronological
- Thread