[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Quering the server

Hi Gavin,

I think you may have misunderstood Kurt's reply.

> > implicit in all access control lists:
> >         access to * by * none

He means that the default for all access control lists is 'access to * by 
* none'.  That means if you write nothing, 'access to * by * none' is 
assumed.  That means it's *always* there, whether you write it or not.

> I added the above line to the auth list. Is this correct.

If by this you mean you literally added the line 

access to * by * none

to your slapd.conf, then no, it's not correct, and yes, you did
misunderstand.  It would never need to be added, it's always implied.  
What needs to happen is that you include some directive that contravenes
that one.  Perhaps some variant of 

access to dn.base="dc=example,dc=com" 
       by anonymous read

if all you want to do is be able to read namingContexts from an anonymous
bind.  Not absolutely sure of the 'dn.base' or the filter syntax, you
should check it with others more experienced than me.

> >
> > >defaultaccess read
> >
> > extraneous directive.
> And deleted this one. Should I RTFM a bit more?

Access control is tricky.  Yes, we should *all* RTFM more.  At least I 
know I should.  :)

Craig Dunigan
IS Network Services Specialist
LDAP - Middleware - DoIT
University of Wisconsin  - Madison