[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Does "Users" in acl only goes for simple binds and not with sasl/gssapi?

To: jay alvarez <ldapb0y@yahoo.com>
Subject: Re: Does "Users" in acl only goes for simple binds and not with sasl/gssapi?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 30 Jun 2005 22:00:30 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20050701034932.39688.qmail@web31512.mail.mud.yahoo.com>
References: <20050701034932.39688.qmail@web31512.mail.mud.yahoo.com>

At 08:49 PM 6/30/2005, jay alvarez wrote:
>Good day,
>I'm just trying to create a simple read access to
>everyone to "ou=staff,dc=preginet" , and yet slapd
>keeps on complaining that this is a bad DN.

Your description here implies that slapd(8) is
logging some sort of error due to a bad DN in
slapd.conf(5).   But if that was so, you'd
never get as far as:

>I get this:
>
>ldap_sasl_interactive_bind_s: No such object (32)

This error is described in the FAQ:
  <http://www.openldap.org/faq/index.cgi?file=576>http://www.openldap.org/faq/index.cgi?file=576

Seems the second entry is the problem.  That is, your
ACLs are deny the client, which is not yet authenticated
at this point, from accessing the Root DSE.

As far as your question regarding "users", slapd-access(5)
says:
   The keyword users means access is granted to
   authenticated clients.

Kurt

Follow-Ups:
- Re: Does "Users" in acl only goes for simple binds and not with sasl/gssapi?
  - From: jay alvarez <ldapb0y@yahoo.com>

References:
- Does "Users" in acl only goes for simple binds and not with sasl/gssapi?
  - From: jay alvarez <ldapb0y@yahoo.com>

Prev by Date: Does "Users" in acl only goes for simple binds and not with sasl/gssapi?
Next by Date: Re: trouble in installing openldap: configure: error: Could not locate TLS/SSL package
Index(es):
- Chronological
- Thread