
Re: Bind using a user other than organizationalRole user



On Tue, 2010-04-06 at 13:28 -0500, Marcelo de Moraes Serpa wrote:
> Or maybe some ACL configuration I am missing that is somehow affecting
> the read access to userPassword for the specific DN.

I'd bet this is the case.

In general: if you haven't explicitly defined an ACL, OpenLDAP is
configured to allow anonymous reads -- this is *not* sufficient to auth.
You will want to allow anonymous auth to the appropriate DNs.

Use ACL debugging (olcLogLevel 128) to verify. Also, slapacl is a useful
tool you can use to verify your ACL setup.

Some worked ACL examples can be found here:
http://www.zytrax.com/books/ldap/ch6/#access

-- 
Owen Marshall
FacilityONE
omarshall@facilityone.com | (502) 805-2126
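
An ACL of the kind the reply describes, as an added example that is not part of the original message: LDIF for `ldapmodify` against cn=config that grants anonymous `auth` on `userPassword` and keeps the hash unreadable to everyone else. The database DN, the suffix `dc=example,dc=com`, the user DN and the config directory path are assumptions; substitute your own.

```ldif
# Constructed example. olcDatabase={1}hdb is an assumed database entry;
# list yours with a search under cn=config for olcDatabase=*.
#
# "replace: olcAccess" overwrites every ACL already set on this database,
# so merge any existing rules into this list before applying it.
#
# Continued lines begin with TWO spaces: LDIF strips the first one as the
# continuation marker, the second one separates the ACL clauses.
#
# Rule {0}: the owner may change the password, unauthenticated
#           connections may use it only to complete a bind, and nobody
#           else can see or compare it.
# Rule {1}: everything else stays readable, as in the no-ACL default.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by * read

# Raise the log level so ACL decisions are written to the log while
# testing (128 is the ACL-processing level named in the message above).
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 128

# Check the result with slapacl, run on the server as the slapd user.
# No -D is given, so the check is made as the anonymous identity:
#
#   slapacl -F /etc/openldap/slapd.d \
#     -b "uid=jdoe,ou=people,dc=example,dc=com" "userPassword/auth"
#
# Repeating it with "userPassword/read" shows whether an anonymous
# client could also fetch the stored hash, which rule {0} is meant
# to prevent.
```

Set `olcLogLevel` back to its previous value once the ACLs are verified, since ACL tracing is verbose.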
