[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs

Thus spake Alexander Brinkman:
> Here I go again :)
> Everything with SASL and openLDAP is working now, except for the ACLs (I
> think). I understand that there is no direct relationship between SASL users
> (in Kerberos or SASLdb) and LDAP users (uid=xxx,ou=People,dc=domain,dc=org
> for instance). But in that case: whats the point of authentication with

I'd like to know the answer to this question too...  I've so far avoided
using SASL because I haven't taken the time to understand it.

> I was pointed out that it could depend on my ACLs what users would get when
> they're connecting with SASL, but I can't find good references to this.
> When I do:
> access to attr=userPassword
> 	by dn=".+" write
> it works (openldap knows that SASL users are authenticated), but when I do:
> access to attr=userPassword
> 	by self write
> then it doesn't work. Is there a way to get this working?

You need to be able to first bind anonymously, so you need to make it:

access to attr=userPassword
	by self write
	by anonymous auth

W. Reilly Cooley                         wcooley@nakedape.cc
Naked Ape Consulting                      http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and   http://lnxs.org
people who take care of them.  *Now with integrated crypto!*
irc.openprojects.net                                   #lnxs

"I go on working for the same reason a hen goes on laying eggs."
- H. L. Mencken

Attachment: pgpJ5p0DHUxfE.pgp
Description: PGP signature