Re: Trying to figure out access policies
At 09:38 AM 6/27/2006, Jason Lixfeld wrote:
>I think I'm somewhat versed in the basics of OpenLDAP, but the
>concept of access policies eludes me because they are far beyond my
>current level of comprehension. That being said, I'm doing some
>trial by fire to try to make sense of how they work and hopefully
>will then be able to relate some of what I read in the manual to what
>I've made happen in tests...
>I'm trying to get a proxyuser working so I don't have to do
>everything as Manager.
>I put this entry into my slapd.conf as per some tutorials I read:
>access to attrs=userPassword
> by dn="cn=Proxyuser,dc=example,dc=ca" read
>and likewise, these entries into my ldap.conf:
>and finally, the Proxyuser password in /etc/ldap.secret.
bindpw and rootbinddn are not OpenLDAP configuration directives.
binddn is, but it's not relevant here as you used the -D flag
(or were specifying an anonymous bind). I also do not see the
relevance of an ldap.secret given you didn't tell ldapsearch(1)
to use a password file (via the -y flag).
>Also, I'm a little confused about the difference between binddn and
Well, given that rootbinddn is not an OpenLDAP ldap.conf(5) directive,
it's ignored. As was bindpw. In your use of ldapsearch(1), the binddn
directive was ignored because either you provided a binddn or
were specifying an anonymous bind (e.g., no password).
Note that discussion regarding the difference of directives in
non-OpenLDAP software packages (such as PAM/LDAP and NSS/LDAP)
is off-topic here.
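
The behaviour described in the reply above, modelled as an added example that is not part of the original message or of OpenLDAP's own code. The option list is a subset of ldap.conf(5), and the sample file, DNs and function names are constructed for illustration.

```python
# Subset of the options documented in ldap.conf(5); extend for your release.
OPENLDAP_OPTIONS = {
    "URI", "BASE", "BINDDN", "DEREF", "HOST", "PORT", "NETWORK_TIMEOUT",
    "REFERRALS", "SIZELIMIT", "TIMELIMIT", "TIMEOUT", "SASL_MECH",
    "SASL_REALM", "SASL_AUTHCID", "SASL_AUTHZID", "SASL_SECPROPS",
    "TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY", "TLS_REQCERT",
}

# Constructed sample file; the DNs and password are placeholders.
# BINDDN is a user-only option in ldap.conf(5), so treat this as a per-user file.
SAMPLE_CONF = """\
# client defaults
base dc=example,dc=ca
binddn cn=Proxyuser,dc=example,dc=ca
rootbinddn cn=Manager,dc=example,dc=ca
bindpw not-a-real-password
"""

def parse_conf(text):
    """Split a config file into options OpenLDAP reads and ones it skips."""
    honoured, ignored = {}, {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].upper()  # option names are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        (honoured if name in OPENLDAP_OPTIONS else ignored)[name] = value
    return honoured, ignored

def bind_plan(conf_text, argv):
    """Work out which identity an ldapsearch command line binds as."""
    honoured, ignored = parse_conf(conf_text)
    dn, dn_from, pw_from = honoured.get("BINDDN"), "binddn", None
    args = iter(argv)
    for arg in args:  # assumes each flag is its own token (no -xWD bundling)
        if arg == "-D":
            dn, dn_from = next(args, None), "-D"
        elif arg in ("-w", "-y"):  # inline password / password file
            pw_from = arg
            next(args, None)
        elif arg == "-W":  # prompt for the password
            pw_from = arg
    if pw_from is None:  # no password supplied: the bind is anonymous
        dn, dn_from = None, None
    elif dn is None:
        dn_from = None
    return {"bind_dn": dn, "dn_from": dn_from, "password_from": pw_from,
            "ignored": sorted(ignored)}
```
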