
Re: Authenticating only on port 636

Quoting Thomas Cramer <cramert@musc.edu>:

> You are absolutely right.  That listing really wouldn't do much of
> anything.  What I meant to put was
> > access to *
> >         by sockurl="^ldaps:///$" auth
> >         by * read
> >         by dn="cn=Manager,o=MUSC,c=US" write
> Maybe my problem is understanding fully what "auth" implies.  Does it
> mean that all you can do is authenticate? Or does it mean that after you
> authenticate you can read?
> tc

The 'auth' more or less gives you read access to the userPassword entry
(but only when doing the authentication, not when looking at the object).

I can't come up with the ACL you need right now (too early, too little coffee :)
but you don't want the 'auth' directive for what you want to do...