
AW: OLC permissions - general beginner question

-----Original Message-----
From:	Ferenc Wagner <wferi@niif.hu>
> You do not "logon", you use external authentication, which means there's
> no separate BIND step, like with simple bind (-x) for example.  External
> authentication is not done by slapd (hence its name; it's done by the
> kernel in the above case), thus slapd can't fail it.  The only LDAP
> operation it sees is a search, and the authenticated DN
> (gidNumber=X+uidNumber=Y,...) is not authorized for that, so the result
> is "No such object".  As ACLs belong to target objects, they are not
> suitable for forcing server disconnection as soon as the authenticated
> DN is known.  Maybe LDAP doesn't even allow such behaviour.


Thank you for the clarification.