
ACL problems abound

Hello 

Can someone guide me to an answer as to why the following ACLs will not work for
me?
Config: Redhat 7.1, kernel 2.4.7, OpenLDAP 2.0.11, OpenSSL 0.9.6

 -----snip /etc/openldap/slapd.conf----------
database	ldbm
suffix		"dc=geeksinthehood, dc=net"
 ---snip for space---
access to attr=userpassword
	by self write
	by dn="cn=Manager,dc=geeksinthehood,dc=net" write
	by dn="uid=root,ou=people,dc=geeksinthehood,dc=net" write
	by * auth

access to *
	by dn="cn=Manager,dc=geeksinthehood,dc=net" write
	by dn="uid=root,ou=people,dc=geeksinthehood,dc=net" write
	by dn=".+" search
	by * search
------snip end----------

If I use these simple ACLs my system will auth just fine against the server,
but with this setup none of my management tools work as they depend on 'uid'
for auth. I don't allow manager to log in with GUI tools; I just used to add
specific admin users with write-access ACLs:
access to attr=userPassword
	by self write
	by * auth

access to *
	by self write
	by dn=".+" read
	by * read

On a side note, I have created an SSL key and cert pair for my LDAP server, but
the server refuses to start with TLS enabled.

TLSCertificateFile /usr/share/ssl/certs/ldap.crt
TLSCertificateKeyFile /usr/share/ssl/private/ldap.key

Any help would be appreciated.

Thanks
Andrew Williams
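A small evaluator of OpenLDAP's first-match ACL semantics, added here as an illustration and not part of the original post: it models the two ACL sets above as constructed Python data (not parsed from slapd.conf) and reports which privilege level a given bind DN ends up with on a given attribute, which makes the difference between `by * search` and `by * read` visible. It assumes OpenLDAP 2.0 treats `by dn="..."` as an anchored regex and that a `by` list with no match falls through to `none`.

```python
import re

# OpenLDAP privilege levels in order; a granted level satisfies any lower requirement.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed model of the two ACL sets from the post: (target attr or "*", [(who, level)]).
# "self" and "*" are keywords; anything else is treated as a DN regex (2.0 'by dn=' syntax).
MANAGER = "cn=Manager,dc=geeksinthehood,dc=net"
ROOT = "uid=root,ou=people,dc=geeksinthehood,dc=net"
ACLS_V1 = [
    ("userpassword", [("self", "write"), (MANAGER, "write"), (ROOT, "write"), ("*", "auth")]),
    ("*", [(MANAGER, "write"), (ROOT, "write"), (".+", "search"), ("*", "search")]),
]
ACLS_V2 = [
    ("userpassword", [("self", "write"), ("*", "auth")]),
    ("*", [("self", "write"), (".+", "read"), ("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """Does a 'by <who>' clause apply to this requester on this entry?"""
    if who == "*":
        return True
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    # Assumed: the DN pattern is matched as an anchored regex; anonymous has no DN to match.
    return bind_dn is not None and re.fullmatch(who, bind_dn, re.IGNORECASE) is not None

def granted(acls, bind_dn, entry_dn, attr):
    """First 'access to' whose target matches the attribute is selected; inside it the
    first matching 'by' clause wins; no matching 'by' means implicit 'by * none'."""
    for target, clauses in acls:
        if target != "*" and target.lower() != attr.lower():
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"
    return "none"

def allows(acls, bind_dn, entry_dn, attr, needed):
    """True if the granted level meets the level the operation requires
    (auth for a bind, search for a filter, read for returning attribute values)."""
    return LEVELS.index(granted(acls, bind_dn, entry_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    bob = "uid=bob,ou=people,dc=geeksinthehood,dc=net"
    alice = "uid=alice,ou=people,dc=geeksinthehood,dc=net"
    for name, acls in (("V1", ACLS_V1), ("V2", ACLS_V2)):
        print(name, "bob on alice's uid:", granted(acls, bob, alice, "uid"),
              "| read allowed:", allows(acls, bob, alice, "uid", "read"))
```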