
Re: Preauth error ldap heimdal kerberos



On 22/03/10 19:07 +0200, Μανόλης Βλαχάκης wrote:
> No, I haven't set an authz-policy.
> How should it be done?

See the OpenLDAP Administrator's Guide, section 15.3.

I use 'authz-policy to'. It requires that I specify an authzTo attribute in
each identity I want to give proxy authentication privileges to.

I assume that is what you are wanting to do, given the error earlier, but
it may not be.

> I didn't understand exactly what you said here...
> Can you give a code sample please?
>
> > That looks like a UNIX domain socket via an ldapi connection, by the root
> > user (or a user with UID of 0).
> >
> > You should probably have a mapping for it as well. I map root to the admin
> > user on my system.

From my config:

rootdn          "cn=admin,dc=olp,dc=net"

authz-regexp
  "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
  cn=admin,dc=olp,dc=net

It gives me full rights to the server when connecting as the root user.

--
Dan White
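
Added example, not part of the original message or of the poster's configuration: the per-identity side of 'authz-policy to' described in the reply. The entry uid=proxysvc,ou=people,dc=olp,dc=net and the ou=people branch are hypothetical names; only the dc=olp,dc=net suffix comes from the config quoted in the thread.

```ldif
# Constructed example. Prerequisite in the global section of slapd.conf:
#   authz-policy to
#
# With that policy, slapd reads the authzTo attribute of the *authenticated*
# identity to decide which other identities it may authorize as.
# Here the (hypothetical) service entry uid=proxysvc is allowed to act as any
# uid=<name> entry directly under ou=people, and nothing else. The anchored
# regex keeps cn=admin,dc=olp,dc=net out of reach of the proxy identity.
dn: uid=proxysvc,ou=people,dc=olp,dc=net
changetype: modify
add: authzTo
authzTo: dn.regex:^uid=[^,]+,ou=people,dc=olp,dc=net$
```

Because authzTo is a source rule stored on the identity it empowers, write access to that attribute should be restricted by ACL to privileged users, otherwise an identity could grant itself proxy rights. The separate authz-regexp mapping in the message above can be checked by running `ldapwhoami -Y EXTERNAL -H ldapi:///` as root, which should report the mapped admin DN.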