newbie question: No anonymous authentication = problems
Hi,
I hope I am on the right list for questions like this. I manage an
OpenLDAP server installation on Ubuntu 8.10, and when I upgraded from
8.04 the configuration changed quite a bit.
I am trying to turn off anonymous access, but I get problems
connecting to the LDAP database even when not using anonymous bind.
I managed to find the configuration options I was looking for (at
least I think so) with phpldapadmin. I found an object with dn
olcDatabase={1}bdb,cn=config, in which I found an attribute called
olcAccess, which I think is what I need to change. From the beginning
it said:

    {0}to attrs=userPassword,shadowLastChange
        by dn.base="cn=manager,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none
    {1}to dn.base="" by * read
    {2}to * by dn.base="cn=manager,dc=mydomain,dc=com" write by * read

(of course with my dc values).
I tried to change the last entry to by * none, as I do not right now
need my users to be able to read their or other users' values. It
worked as expected from an LDAP point of view: I could still log in
anonymously, but I could not browse the database. Logged in as
manager, however, it worked as it should.
The problem came in postfix, because I use my LDAP database (among
other things) as an alias table. So I configured postfix not to bind
anonymously, but to use

    server_host = localhost
    server_port = 389
    search_base = dc=mydomain, dc=com
    bind = yes
    bind_dn = cn=manager, dc=mydomain, dc=com
    bind_pw = mysecret
    result_attribute = mail
    query_filter = (|(uid=%s)(mailAlias=%s))

But I got

    dict_ldap_lookup: Search error 50: Insufficient access

from the mail.log.
When I changed back, it worked again. I have tried to change various
things (such as putting in by anonymous auth before by * read, and
changing dc.base="..." to dc="..." both in the first and in the last
attribute value above), but it does not seem to change anything. What
am I doing wrong? Any help would be much appreciated.
Best regards,
Andreas