
Re: Are my ACLs messed up or is gq?



That version of gq works just fine, I use it all the time at work.

The 'root' user that you are talking about, I presume is the one that is
in your slapd.conf, is that correct?  You don't need to define access for
him with the acls.  He's root, he does what he pleases.

Looks to me like you are probably authenticating as an anonymous user,
since any/all users have read access.  You can run slapd in debug mode (I
usually use 7, i.e. '/usr/local/libexec/slapd -d 7 &') and see what the
output of that is.  You will probably want to set up your ACLs to allow
anonymous bind only access (i.e. 'by anonymous bind').

Hope that's helpful

paul wilson

> Problem:  I can't get gq-0.6.0 to give my root user global write access.
> I've tweaked with just about every setting I could find and no dice and
> so the question remains.  Is this a bad version of gq or are my ACLs
> somehow messed up?  I think there might be something wrong with them
> and I am just not seeing it.  I can add a group with no trouble using
> smbldaptools but an attempt at deleting it using the same tools gives
> me a generic error.  Tried ldapdelete and couldn't get that to work...
> probably just couldn't figure out all the parameters and stuff. Finally
> wound up using directory_administrator and that worked OK.  Anyway, the
> only kind of thing I can think of that would cause both smbldaptools to
> return an error and cause gq to not provide access is an ACL.
>
> Your thoughts?
>
> # This is a good place to put slapd access-control directives
>
> access to dn=".*,dc=microverse,dc=net" attr=userPassword,lmPassword,ntPassword
>         by dn="cn=root,dc=microverse,dc=net" write
>         by dn="cn=proxyuser,dc=microverse,dc=net" read
>         by self write
>         by * auth
>
> access to dn=".*,dc=microverse,dc=net" attr=mail
>         by dn="cn=root,dc=microverse,dc=net" write
>         by self write
>         by * read
>
> access to dn=".*,ou=People,dc=microverse,dc=net"
>         by * read
>
> access to dn=".*,dc=microverse,dc=net"
>         by self write
>         by * read
>
> access to dn=".*,ou=People,dc=microverse,dc=net"
>         by * read
>
>
> --
> ------------
> Jim C.
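
Added example, not part of the original thread: a small Python model of slapd's first-match ACL evaluation applied to the ACLs quoted above, showing what each bind identity ends up with. It assumes cn=root is the rootdn from slapd.conf; the entries uid=jim and cn=testgroup are constructed samples, and only attribute-level access is modelled.

```python
import re

SUFFIX = "dc=microverse,dc=net"
ROOTDN = "cn=root," + SUFFIX  # assumption: this DN is the rootdn in slapd.conf

# The quoted ACLs in file order: (dn regex, attrs or None for all, [(who, level)]).
ACLS = [
    (r".*,dc=microverse,dc=net", {"userpassword", "lmpassword", "ntpassword"},
     [(ROOTDN, "write"), ("cn=proxyuser," + SUFFIX, "read"),
      ("self", "write"), ("*", "auth")]),
    (r".*,dc=microverse,dc=net", {"mail"},
     [(ROOTDN, "write"), ("self", "write"), ("*", "read")]),
    (r".*,ou=People,dc=microverse,dc=net", None, [("*", "read")]),
    (r".*,dc=microverse,dc=net", None, [("self", "write"), ("*", "read")]),
    (r".*,ou=People,dc=microverse,dc=net", None, [("*", "read")]),
]

def effective_access(bind_dn, entry_dn, attr):
    """Access level for bind_dn ('' = anonymous) on one attribute of entry_dn."""
    bind_dn, entry_dn, attr = bind_dn.lower(), entry_dn.lower(), attr.lower()
    if bind_dn == ROOTDN.lower():
        return "write"                      # the rootdn is never subject to ACLs
    for dn_regex, attrs, clauses in ACLS:
        if not re.search(dn_regex, entry_dn, re.IGNORECASE):
            continue                        # "access to" target does not match
        if attrs is not None and attr not in attrs:
            continue
        # First matching "access to" wins; inside it, first matching "by" wins.
        for who, level in clauses:
            if (who == "*" or who.lower() == bind_dn
                    or (who == "self" and bind_dn and bind_dn == entry_dn)):
                return level
        return "none"                       # implicit trailing "by * none"
    return "none"                           # implicit "access to * by * none"

if __name__ == "__main__":
    jim = "uid=jim,ou=People," + SUFFIX     # constructed sample entries
    grp = "cn=testgroup,ou=Groups," + SUFFIX
    for who in ("", jim, ROOTDN):
        print(repr(who or "anonymous"),
              "| group cn:", effective_access(who, grp, "cn"),
              "| jim cn:", effective_access(who, jim, "cn"),
              "| jim userPassword:", effective_access(who, jim, "userPassword"))
```

Any bind that falls through to `by * read` can neither modify nor delete an entry, which is how an unintended anonymous bind looks from the client side.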