AW: OLC permissions - general beginner question
From: Ferenc Wagner <email@example.com>
> You do not "logon", you use external authentication, which means there's
> no separate BIND step, like with simple bind (-x) for example. External
> authentication is not done by slapd (hence its name; it's done by the
> kernel in the above case), thus slapd can't fail it. The only LDAP
> operation it sees is a search, and the authenticated DN
> (gidNumber=X+uidNumber=Y,...) is not authorized for that, so the result
> is "No such object". As ACLs belong to target objects, they are not
> suitable for forcing server disconnection as soon as the authenticated
> DN is known. Maybe LDAP doesn't even allow such behaviour.
Thank you for the clarification.