
Binding Problem Revisited



Sorry to bother you all, again. But it seems as if I'm just filled with frustration (or perhaps I can't see the obvious) in trying to get simple UNIX authentication working.

Would someone be so kind as to tell me if the below ACL would work:

ALL LDIF entries look like this:
---------------------------------------------------
dn: uid=jnoviell,location=Dorval,o=Matrox,c=CA
objectclass: Person
username: jnoviell
cn: Joe Novielli
uid: jnoviell
mail: jnoviell@matrox.com
location: Dorval
sn: Novielli
userPassword: {crypt}2FkhqxpuoxVDY
telephoneNumber: XXX-XXX-XXXXX ext: XXXX
status: Active User

dn: uid=jostiguy,location=Dorval,o=Matrox,c=CA
objectclass: Person
username: jostiguy
cn: Jean-Jacques Ostiguy
uid: jostiguy
mail: jostiguy@matrox.com
location: Dorval
sn: Ostiguy
userPassword: {crypt}S1QfrF4z/n5JE
telephoneNumber: XXX-XXX-XXXXX ext: xxxx
status: Active User
---------------------------------------------------

ACL looks like:
---------------------------------------------------
access to attr=userpassword
  by self write
  by * compare

access to *
 by dn="uid=jnoviell,location=Dorval,o=Matrox,c=CA" read
 by * none

----------------------------------------------------------

Now, I've tried it with the PerLDAP example script (see: http://www.mozilla.org/directory/faq/perldap-faq.html#_ldap_10), but it doesn't want to BIND with the username jnoviell (except if I replace my ACL's "by * none" with "by * read"), which then lets everyone read.

I'm using OpenLDAP 1.2.4 with threads on Solaris (Sleepycat as backend db).

Sorry if I'm being a pain in the ...



--------------------------------------------------------------------------
Joe Novielli  x.7703  Email: jnoviell@matrox.com
MIS Department
Matrox Electronic Systems Inc. http://www.matrox.com
1055 St-Régis Tel: (514) 822-6000  x. 7703
Dorval, Québec Fax: (514) 822-6262
Canada, H9P 2T4
--------------------------------------------------------------------------