
Re: ACL issue



Tue, 2002-12-03 at 22:09, Arjen van Drie wrote:

> I have been messing around with access control lists for a few hours now,
> and I come up with the next stuff to be able to login using ssh. To me,
> the access for anonymous to the attr=userPassword seems a bit too 
> unrestricted, and I think/hope it should be "auth" instead of "read".
> But then I cannot login.

Mess around a bit for a few days or a few weeks, and you'll be well on
your way.

Yes, it should be 'by anonymous auth', otherwise you'll have everybody
in the world reading all your users' passwords, and I don't suppose you
want that.

The reason why you can't log in is that you haven't said what people
can have access to. You have in the ACLs below it. That's because you've
spent hours on it and should have gone to bed anyway. Go and have a beer
and begin again tomorrow.

access to dn.children="dc=zomba,dc=doobah,dc=net"
	attr=userPassword
	by anonymous auth
	by self write
	by * none

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
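
Added example, not part of the original message: a small Python check that reads slapd.conf-style "access to" directives and reports the level anonymous effectively gets on userPassword, using slapd's rule that the first matching "by" clause decides. The function names, the verdict labels and the sample configuration are assumptions made for this illustration; the suffix is the one from the message above.

```python
import shlex

# Access levels from slapd.access(5), weakest first.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
AUTH = LEVELS.index("auth")

# Constructed sample: the weak clause from the question, then the corrected one.
SAMPLE = """\
access to dn.children="dc=zomba,dc=doobah,dc=net"
    attr=userPassword
    by anonymous read
    by self write
    by * none

access to dn.children="dc=zomba,dc=doobah,dc=net"
    attr=userPassword
    by anonymous auth
    by self write
    by * none
"""

def directives(conf_text):
    """Join continuation lines (leading whitespace) into whole directives."""
    out = []
    for line in conf_text.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            out.append(line.strip())
    return out

def anonymous_password_access(conf_text):
    """Return (what, level, verdict) for every ACL that names userPassword."""
    findings = []
    for tokens in map(shlex.split, directives(conf_text)):
        by = tokens.index("by") if "by" in tokens else len(tokens)
        names = [a for t in tokens[2:by] if t.startswith(("attr=", "attrs="))
                 for a in t.split("=", 1)[1].lower().split(",")]
        if tokens[:2] != ["access", "to"] or "userpassword" not in names:
            continue
        level = "none"  # no clause covers anonymous: the implicit "by * none" applies
        for i in range(by, len(tokens) - 2):
            if tokens[i] == "by" and tokens[i + 1] in ("anonymous", "*") and tokens[i + 2] in LEVELS:
                level = tokens[i + 2]  # first clause covering anonymous wins
                break
        rank = LEVELS.index(level)
        verdict = "exposed" if rank > AUTH else "ok" if rank == AUTH else "cannot-bind"
        findings.append((" ".join(tokens[2:by]), level, verdict))
    return findings
```

The check looks at each directive in isolation; slapd also stops at the first directive whose target matches the entry, so an earlier, broader "access to" line can still shadow a correct userPassword rule and the ordering needs a manual look.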