
ACL issue


I have been messing around with access control lists for a few hours now,
and I came up with the following to be able to log in using ssh. To me,
the access for anonymous to attr=userPassword seems a bit too
unrestricted, and I think/hope it should be "auth" instead of "read".
But then I cannot log in.

Can someone help me make this as restrictive as possible? I have no
other ACL stuff defined in slapd.conf.

Basically any remark is welcome ;)

-- begin slapd.conf snippet --

database        ldbm
suffix          "dc=zomba,dc=doobah,dc=net"
rootdn          "cn=admin,dc=zomba,dc=doobah,dc=net" 
rootpw                  {SSHA}VYHEYqOi+ajqowRkKglkm/qGbIMLRCml
directory       /var/lib/ldap

access to attr=userPassword
    by self write
    by anonymous read
    by * none 

access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net"
    by anonymous read 

access to attr=entry
    by anonymous read

#access to dn="cn=.*,ou=Group,dc=zomba,dc=doobah,dc=net"
#    by anonymous read

access to *
    by self write
    by users read
    by anonymous search

-- end slapd.conf snippet --
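The tighter variant the question is aiming at, added here as an example and not part of the original message: it keeps the poster's suffix and OpenLDAP 2.0-style ACL syntax, and assumes the host authenticates by binding as the user (pam_ldap style) rather than fetching the hash through an NSS shadow lookup, which is the usual reason "auth" breaks a login that "read" allowed.

```conf
# Added example, not the poster's configuration. slapd evaluates
# "access to" clauses in order and the first clause whose target matches
# decides, so the password rule must stay above the "access to *" rule.

access to attr=userPassword
    by self write          # a user may change only their own password
    by anonymous auth      # enough for a simple bind; the hash is never returned
    by * none              # authenticated users cannot read other users' hashes

# The client must find the account by uid before it can bind, and the
# login tools need the account attributes, so keep the People entries
# readable. Self write is limited to attributes the user legitimately owns
# (mail and telephoneNumber are assumed here) instead of the whole entry.
access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net" attr=mail,telephoneNumber
    by self write
    by users read
    by anonymous read

access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net"
    by users read
    by anonymous read

access to attr=entry
    by anonymous read

# Catch-all. A bare "by self write" here would let a user rewrite any
# attribute of their own entry, so it is dropped; anonymous gets bind
# only, not search, over the rest of the tree.
access to *
    by users read
    by anonymous auth
```

With these rules an anonymous ldapsearch for a People entry returns the account attributes but no userPassword value, while a bind as that uid still succeeds.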