Re: Access Control List Configuration.

[Marc Patermann <hans.moser@ofd-z.niedersachsen.de>]

Geo,

Geo P.C. schrieb (14.05.2013 16:05 Uhr):

> But with this no user can able to login. But we change olcAccess: {3}to 
> dn.subtree="ou=People,dc=prime,dc=ds,dc=geo,dc=com" by self write by * 
> write , all users can login.
>
> But actually we need is only the user1 need only to login to gitlab 
> application. And the users user2 and user3 need only to login to zabbix 
> application
>
> Can anyone please help me to configure acl for this. Thanks in advance.
First: you should read "man slapd.access" carefully.

Second:	a) Try to understand what your application wants to do and
	b) try to reproduce this with standard ldap tools like
		ldapsearch.

Point a) can be done be observing the slapd log for actions taken by 
your application or read the documentation of your application.
What usually happens, is:
- App bind with binddn (does this work?)
- bind user searches for a given uid under basedn (does this work?)
=> reproduce with ldapsearch -D -w -x -b ...
- If user is found by the search, App will bind as user with found dn.
  (does this work?)
=> reproduce with ldapsearch -D -w -x ...

After you know what really does happen, set the ACLs accordingly.
Test again.


Marc