[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP ACL causing error code 49

To: Matty <matty91@gmail.com>, openldap-technical@openldap.org
Subject: Re: OpenLDAP ACL causing error code 49
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 19 Dec 2016 09:57:42 -0800
Content-disposition: inline
In-reply-to: <WM!d5b7d7602d538dbf943d32d2978f975c58bba71b872a9e67e2b7aece10c28c185d2c6f504c0175201482f170471e9f00!@mailstronghold-3.zmailcloud.com>
References: <CALCK1CHAtxxBjAoRXh-AZa8PYJU=7-QgRnj_Lezv3oYNTobnQQ@mail.gmail.com> <69bb768d-f41e-505b-50ea-5326656c654c@stroeder.com> <WM!b3d673fa4a35847ff5fe44dc78e1e274ba84a46d3185cb5c76a78610548df194b8796b4fce0e64f276b8b9126998341b!@mailstronghold-3.zmailcloud.com> <41EB8BE57660092A045640B1@192.168.1.19> <CALCK1CHwViVy1mrFyFM9XSODK_VVrcHjx0DMrDkYwcEEJY23Dg@mail.gmail.com> <WM!d5b7d7602d538dbf943d32d2978f975c58bba71b872a9e67e2b7aece10c28c185d2c6f504c0175201482f170471e9f00!@mailstronghold-3.zmailcloud.com>

--On Monday, December 19, 2016 10:33 AM -0500 Matty <matty91@gmail.com>wrote:

Does anyone happen to know why "acl_mask: to value by" shows ""
instead of the dn of the user passed to the "-D" option? The
suggestions above work but I am still curious why the anonymous bind
is occurring.

There is no way for the LDAP server to know that the connection claiming tobe DN "X" is actually that DN until /after/ authentication occurs. Thus,until the point at which authentication is successful, the connection istreated as anonymous.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Re: OpenLDAP ACL causing error code 49
  - From: Matty <matty91@gmail.com>

Prev by Date: Re: LDAP User can't login can su to with root account
Next by Date: RE: Antw: RE: Constraint violation when swapping two unique attributes
Index(es):
- Chronological
- Thread