Searching the LDAP Database?
I realize this question shows my lack of experience with LDAP, but here
I am configuring a qmail/LDAP server, I ran across something I need to fix:
the fact that the LDAP directory is searchable anonymously. I'd really like
to use the qmail user's information to control who can access the LDAP
server (objectclass=qmailUser). For example, my base dn is as follows: dn:
dc=tbred, dc=com. From Outlook 2000, I can enter this string as my base dn,
and search till my heart's content.
My question is this: how can I change this to force users to authenticate
using the same username/password pair they use for mail? How can I prevent
the rootdn from showing up in a search?
I've played a bit with the "access" commands in slapd.conf, but to no avail.
To my mind, the following should at least prevent the rootdn from being
    rootdn "cn=Manager, dc=tbred, dc=com"
    access to dn="cn=Manager, dc=tbred, dc=com"
        by self write
        by * none
However, my search still turns up the Manager entry...
James K. McConnell (firstname.lastname@example.org)
Phone: (732) 560-1377 x7732
Fax: (732) 560-1594