[Date Prev][Date Next]
Re: Quering the server
I think you may have misunderstood Kurt's reply.
> > implicit in all access control lists:
> > access to * by * none
He means that the default for all access control lists is 'access to * by
* none'. That means if you write nothing, 'access to * by * none' is
assumed. That means it's *always* there, whether you write it or not.
> I added the above line to the auth list. Is this correct.
If by this you mean you literally added the line
access to * by * none
to your slapd.conf, then no, it's not correct, and yes, you did
misunderstand. It would never need to be added, it's always implied.
What needs to happen is that you include some directive that contravenes
that one. Perhaps some variant of
access to dn.base="dc=example,dc=com"
by anonymous read
if all you want to do is be able to read namingContexts from an anonymous
bind. Not absolutely sure of the 'dn.base' or the filter syntax, you
should check it with others more experienced than me.
> > >defaultaccess read
> > extraneous directive.
> And deleted this one. Should I RTFM a bit more?
Access control is tricky. Yes, we should *all* RTFM more. At least I
know I should. :)
IS Network Services Specialist
LDAP - Middleware - DoIT
University of Wisconsin - Madison