[Date Prev][Date Next] [Chronological] [Thread] [Top]

access control with pbind overlay

To: openldap-technical@openldap.org
Subject: access control with pbind overlay
From: Ferenc Wagner <wferi@niif.hu>
Date: Tue, 23 Sep 2014 10:56:21 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Hi,

I've got a partial syncrepl replica, which (among others) misses the
userPassword attributes of the provider database.  I added a pbind
overlay to the replica, which forwards binds to the provider, thus it
became possible to do simple binds against the replica.  But access
control on the replica does not honor these binds properly: "by users"
works, but "by self" does not.  Before I waste too much time debugging:
is it supposed to work at all?  I tested this under 2.4.31 with:

dn: olcDatabase={1}mdb,cn=config
olcAccess: to * by dn.exact=gidNumber=119+uidNumber=116,cn=peercred,cn=external,cn=auth read by self read by * none
olcSyncrepl: rid=1 [...]

The external auth part works, and if I replace self with users, that
works as well (but is not what I want).  Do I expect too much?
--
Thanks,
Feri.

Follow-Ups:
- Re: access control with pbind overlay
  - From: Ferenc Wagner <wferi@niif.hu>

Prev by Date: Re: Map NFShomedirectory to new value
Next by Date: for aia and cdp; crl and ca publishing in ldap
Index(es):
- Chronological
- Thread