
I cried



<whine>
Digging and digging and digging...I found a question in the Courier-IMAP
archives:  "Does Courier work with OpenLDAP 2"?  I chuckled to myself as
I thought about the passages I found that said it only works with
OpenLDAP 1.  I nearly cried when I read the answer.  Yes.

I had qmail working with openldap2, no problems.  I (archived and)
removed all of that and compiled openldap1 and recompiled all the rest
of the packages.  I've got it working except that courier doesn't find 
the maildirs (it's a configuration option somewhere, but I haven't yet
found it).  I have the LDAP_HOMEDIR and LDAP_MAILDIR both pointing to
the userMessageStore attribute (i.e. /var/qmail/maildirs/user2345), but
it's not appending ./Maildir to the end of it.
</whine>

Back to the pertinent matter:  Setting up ACLs is not working the way I
expected.  This is all with OpenLDAP v1.  I had:
access to * by dn="cn=Manager,dc=mrball,dc=net" write
access to * by dn="cn=courier,dc=mrball,dc=net" read
access to * by dn="cn=qmail,dc=mrball,dc=net" read
access to * by * none

Amazingly, I could still access the data with ldapsearch with no rootdn 
or password.  I think that's what is called anonymous?  So I modified
it.
access to * by dn="cn=Manager,dc=mrball,dc=net" write
access to * by dn="cn=courier,dc=mrball,dc=net" read
access to * by dn="cn=qmail,dc=mrball,dc=net" read
access to * by self read

When I start slapd with "-d -1", it still grants access by default.  I
tried:
access to * by anonymous none

but it had an error with the who of anonymous.   At this point, I'm
unsure what I have to do to have a default of deny.  I just want
Manager, courier, and qmail to be able to access the directory, with no
users and no anonymous access.  Is this one of the advantages that
OpenLDAP v2 has over v1?  

Since I just found out that Courier will work with v2, I plan to 
recompile everything for v2.  I just want to understand how to do it
with v1.
-- 
Blue skies...		Todd
| Get a bigger hammer!   |  Are you feeling lucky...punk?         |
| http://www.mrball.net  |  I've had better days...               |
| http://faq.mrball.net  |  It's the end of the world as we know i|