Re: openldap and communicator roaming access
You're right. I added that rule for replication and it went back to not
requiring a password for roaming. If I leave that one out, it requires
a password again. In any case, it was this rule that forced the
password to be valid:
access to dn=".*,ou=roaming,o=city.bloomington.in.us"
        by dnattr=owner write
        by * none
There definitely could be a better way to do it. I just switched from
Netscape Directory Server to OpenLDAP and still don't fully understand
the security model.
"Kurt D. Zeilenga" wrote:
> At 09:07 AM 10/14/99 -0500, Dave Brodin wrote:
> >defaultaccess read
> >access to * by dn="uid=replication,o=city.bloomington.in.us" write
> None of the below rules matter as the above rule matches *.
> Hence, your replication user can write, everyone else can
> read (anything).
> Your first rule reads:
> To anything and everything,
> if uid=replication,... grant write
> else grant read (default)
> Nothing else matters!
> >access to dn=".*,ou=people,o=city.bloomington.in.us" by self write
> >access to dn=".*,ou=roaming,o=city.bloomington.in.us"
> > by dnattr=owner write
> > by * none
> >access to attr=userpassword
> > by self write
> > by * none
> >Anyway, it's been working so far.
> >Ronald Warner wrote:
> >> I have followed the instructions (with a few modifications) in the
> >> following URLs closely:
> >> http://www.linuxworld.com/linuxworld/lw-1999-07/lw-07-ldap_tutorial.html
> >> http://linuxworld.com/linuxworld/lw-1999-09/lw-09-ldap-netscape.html
> >> I have installed the latest BerkeleyDB and OpenLDAP release on a
> >> RH6.0 box with Albert-FitzPatrick's patch.
> >> After configuring Netscape Communicator for roaming access
> >> and exiting the program, I restarted and chose the User Profile. It
> >> asked for the password. So far so good. I enter the password, but
> >> it said "An authorization error occured, please try retyping your
> >> password."
> >> Yesterday, I edited the contents of the ldif file from
> >> "userpassword= secret" to "userpassword=secret", and added the
> >> user on the ldap server. Now, on Netscape Communicator, after
> >> choosing the Profile Name and entering the Password, I am able to
> >> access the ldap server and upload the user profiles. The catch is I
> >> am able to access the ldap server with no password entered or the
> >> correct password entered. What do I do to correct this?
> >> Another problem is that ideally, when I choose Guest (for Profile
> >> Name) on the Communicator Profile Manager, enter the User Name
> >> and Password, I should be able to download the user profile --
> >> bookmarks, browser configuration, etc... but the browser is left
> >> unconfigured, which means that the profile was not downloaded.
> >> How do I resolve this?
> >> Thanks for your assistance.
> >> Ronald Warner
> >> PC/Network Engineer
> >> De La Salle University
> >> Information Systems and Technology Center
> >> Computer Facilities Operations Office
> >> 2401 Taft Ave
> >> Malate, Manila 1004
> >Dave Brodin
> >Lead Systems Engineer
> >Information and Technology Services
> >City of Bloomington
> Kurt D. Zeilenga <firstname.lastname@example.org>
> Net Boolean Incorporated <http://www.boolean.net/>
Lead Systems Engineer
Information and Technology Services
City of Bloomington
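
Added example (not part of the original messages and not OpenLDAP code): a simplified Python model of the first-match evaluation described in the quoted reply, run over the rules as posted and over a reordered set. The reordered rule set, the sample profile entry and the owner DN are constructed assumptions, and the fall-through to defaultaccess follows the "else grant read (default)" reading above.

```python
import re

BASE = "o=city.bloomington.in.us"
REPL = "uid=replication," + BASE

# Each rule: (dn regex or None, attribute or None, ordered [(who, level)]).
CATCH_ALL = (None, None, [(REPL, "write")])
PEOPLE = (".*,ou=people," + BASE, None, [("self", "write")])
ROAMING = (".*,ou=roaming," + BASE, None,
           [("dnattr=owner", "write"), ("*", "none")])
PASSWD = (None, "userpassword", [("self", "write"), ("*", "none")])

# Order from the quoted configuration: "access to *" comes first.
AS_POSTED = [CATCH_ALL, PEOPLE, ROAMING, PASSWD]

def with_repl(rule):
    """Copy a rule, adding a leading by-clause for the replication DN."""
    dn_re, attr, by = rule
    return (dn_re, attr, [(REPL, "write")] + by)

# Assumed reordering (not from the thread): specific rules first, catch-all last.
REORDERED = [with_repl(PASSWD), with_repl(ROAMING), with_repl(PEOPLE), CATCH_ALL]

def who_matches(who, requester, entry_dn, owner):
    return (who == "*" or who == requester
            or (who == "self" and requester == entry_dn)
            or (who == "dnattr=owner" and requester == owner))

def access(rules, entry_dn, attr, requester, owner=None, default="read"):
    """Return the level granted; requester "" models an anonymous bind."""
    for dn_re, rule_attr, by in rules:
        if dn_re is not None and not re.search(dn_re, entry_dn, re.I):
            continue
        if rule_attr is not None and rule_attr != attr.lower():
            continue
        # The first rule whose <what> matches decides; later rules are never read.
        for who, level in by:
            if who_matches(who, requester, entry_dn, owner):
                return level
        return default  # no by-clause matched: "else grant read (default)"
    return default

# Constructed sample entry and owner DN.
PROFILE = "cn=profile,ou=roaming," + BASE
OWNER = "uid=dave,ou=people," + BASE

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "anonymous ->", access(rules, PROFILE, "cn", "", OWNER))
```
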