Re: Trying to figure out access policies
On 27-Jun-06, at 2:01 PM, Kurt D. Zeilenga wrote:
At 09:38 AM 6/27/2006, Jason Lixfeld wrote:
I think I'm somewhat versed in the basics of OpenLDAP, but the
concept of access policies eludes me because they are far beyond my
current level of comprehension. That being said, I'm doing some
trial by fire to try to make sense of how they work and hopefully
will then be able to relate some of what I read in the manual to what
I've made happen in tests...
I'm trying to get a proxyuser working so I don't have to do
everything as Manager.
I put this entry into my slapd.conf as per some tutorials I read:
access to attrs=userPassword
        by dn="cn=Proxyuser,dc=example,dc=ca" read
and likewise, these entries into my ldap.conf:
and finally, the Proxyuser password in /etc/ldap.secret.
bindpw and rootbinddn are not OpenLDAP configuration directives.
binddn is, but it's not relevant here as you used the -D flag
(or were specifying an anonymous bind). I also do not see the
relevance of a ldap.secret given you didn't tell ldapsearch(1)
to use a password file (via the -y flag).
Ok, this all makes much more sense now, thank you, Kurt. Nowhere in
the examples I found did it make reference to using a -y flag with
the ldap.secret file so I was very unclear on this, thinking the
"proxyuser" was some sort of special case user. I see now how this
Also, I'm a little confused about the difference between binddn and
Well, given that rootbinddn is not an OpenLDAP ldap.conf(5) directive,
it's ignored. As was bindpw. In your use of ldapsearch(1), the binddn
directive was ignored because either you provided a binddn or
were specifying an anonymous bind (e.g., no password).
Note that discussion regarding the difference of directives in
non-OpenLDAP software packages (such as PAM/LDAP and NSS/LDAP)
is off-topic here.
I didn't even clue into the fact that the ldap.conf file I was using
had parts in there for nss/ldap. I apologize for going off-topic.
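
The -D and -y usage Kurt describes, as an added example that is not part of the original thread: ldapsearch(1) uses the complete contents of the -y file as the password, so the file is checked for a trailing newline and for group/other access before the bind. The function names and the search base dc=example,dc=ca (derived from the Proxyuser DN) are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. The bind DN is the one quoted in the
# thread; function names and the search base are assumptions.

BIND_DN="cn=Proxyuser,dc=example,dc=ca"
SEARCH_BASE="dc=example,dc=ca"   # assumed, derived from the bind DN

# Return 0 if the file is safe to hand to ldapsearch -y; otherwise say why.
check_secret_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ -s "$f" ] || { echo "empty: $f" >&2; return 1; }
    # Columns 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f" >&2; return 1; }
    # -y takes the whole file as the password, so a trailing newline
    # becomes part of it and the bind fails with invalid credentials.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || { echo "trailing newline in $f" >&2; return 1; }
    return 0
}

# Write the password with no trailing newline, readable by the owner only.
# printf is a shell builtin, so the password does not show up in ps output.
write_secret_file() {
    ( umask 077; printf '%s' "$2" > "$1" ) && chmod 600 "$1"
}

# Simple bind (-x) as the proxy user (-D) with the password file (-y).
# $1 = password file, $2 = search filter, e.g. "(uid=someuser)".
search_as_proxyuser() {
    check_secret_file "$1" || return 1
    ldapsearch -x -D "$BIND_DN" -y "$1" -b "$SEARCH_BASE" "$2" userPassword
}
```
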