[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticationg only on port 636

To: Frank Swasey <Frank.Swasey@uvm.edu>
Subject: Re: Authenticationg only on port 636
From: Thomas Cramer <cramert@musc.edu>
Date: Mon, 24 Nov 2003 16:58:44 -0500
Cc: openldap-software@OpenLDAP.org
References: <3FC20898.70806@musc.edu> <Pine.LNX.4.58.0311241130420.30751@ebova.hiz.rqh>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

You are absolutely right. That listing really wouldn't do much of anything. What I meant to put was

access to *
        by sockurl="^ldaps:///$" auth
        by * read
        by dn="cn=Manager,o=MUSC,c=US" write

Maybe my problem is understanding fully what "auth" implies. Does it mean that all you can is authenticate? Or does it mean that after you authenticate you can read?

==
tc


Frank Swasey wrote:

Today at 8:33am, Thomas Cramer wrote:

access to * by * read by sockurl="^ldaps:///$" auth by dn="cn=Manager,o=MUSC,c=US" write


Let's see... this says:

For all attributes:
  Everyone can read their value
  If you used the url ldaps:///... you can ONLY get AUTH access
  If you are the manager, you have full access

Hmm, methinks it's doing exactly what you told it -- not what you
wanted, but that's the failure of the DWIM processor.... ;-)

Follow-Ups:
- Re: Authenticationg only on port 636
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: Authenticationg only on port 636
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

References:
- Authenticationg only on port 636
  - From: Thomas Cramer <cramert@musc.edu>
- Re: Authenticationg only on port 636
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

Prev by Date: Help with "Naming Violation (64)"
Next by Date: newbie question
Index(es):
- Chronological
- Thread