openldap-technical

openldap-technical@openldap.org

21 participants
9802 discussions

Re: Anonymous Bind ACL Problems
by Shawn Morford 06 Apr '13

06 Apr '13

On Fri, Apr 5, 2013 at 1:11 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Friday, April 05, 2013 12:46 PM -0700 Dark Morford < > darkmorford+ldap(a)gmail.com> wrote: > > I'm setting up my first LDAP server; just using it as an auth provider >> for Apache until I'm more comfortable with things. I was able to get it >> up and running with a few user entries, but I can't get anonymous >> searching to work the way I want. >> >> It's configured (cn=config) style, and the ACLs are: >> {0}to attrs=uid by anonymous read by users read >> {1}to attrs=userPassword by anonymous auth by self write >> {2}to * by users read >> > > access to entry by * read needs to be in there too before {2}. > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > Adding the access entry exactly like you have it gave me an error; I managed to figure out that it needed to be 'to attrs=entry by * read'. And now it seems to be working, so thanks for that. I'm not sure I understand why it's necessary, though. The client service (Apache) just needs to find out if a particular uid exists. Why does it need access to the whole entry?

1 0

None
by Bob Fitch 06 Apr '13

06 Apr '13

http://www.octevillenatation.com/nnqv/xdxapmiuaxur.lsu 4/6/2013 8:23:01 PM 4/6/2013 8:23:01 PM fitchbob

1 0

Anonymous Bind ACL Problems
by Dark Morford 05 Apr '13

05 Apr '13

I'm setting up my first LDAP server; just using it as an auth provider for Apache until I'm more comfortable with things. I was able to get it up and running with a few user entries, but I can't get anonymous searching to work the way I want. It's configured (cn=config) style, and the ACLs are: {0}to attrs=uid by anonymous read by users read {1}to attrs=userPassword by anonymous auth by self write {2}to * by users read Searching for a user as the rootDN works fine: shawn@aquamarine:~$ ldapsearch -x -D 'cn=Manager,dc=darkmorford,dc=net' -W -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=darkmorford,dc=net> with scope subtree # filter: (uid=smorford) # requesting: uid # # smorford, Users, darkmorford.net dn: uid=smorford,ou=Users,dc=darkmorford,dc=net uid: smorford # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 But doing the same search anonymously can't find the user: shawn@aquamarine:~$ ldapsearch -x -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid # extended LDIF # # LDAPv3 # base <dc=darkmorford,dc=net> with scope subtree # filter: (uid=smorford) # requesting: uid # # search result search: 2 result: 32 No such object # numResponses: 1 I have to assume that something in the ACL is blocking the anonymous search. How do I fix this?

2 1

Replication using cn=config
by Andre Rodier 05 Apr '13

05 Apr '13

Hello Everyone, I am trying to implement mirorring replication on OpenLDAP on debian wheezy, and I am struggling since a few days. All the documentation I have found so far on the web site is related to OpenLDAP with a configuration file (slapd.conf) Can anyone gives me a clue on how I can adapt the examples given on the web site to the database configuration backend (cn=config). Thanks for your help. André Rodier.

3 3

How to use LDAP to get user information from MySql database?
by jupiter 04 Apr '13

04 Apr '13

Hi, I have a user management which using MySql database. How can I add and configure LDAP to get user information (username, password, email, public key ....) which installed in MySql database? I know there is a shell in LDAP configuration which can be used to get information from external database such as MySql, but I am not sure if it is the good way or only way to run LDAP and MySql together. Appreciate any advice. Thank you. Kind regards. j

3 3

Re: openldap-technical Digest, Vol 64, Issue 28
by Francois Gnu 03 Apr '13

03 Apr '13

Hello Bill, I'm very interesting to know your method to create a debian package. Thanks a lot! Librement, ------ Francois Trachez (kiko) Team Fedora|Lyon (France) http://stg.fedoraproject.org/fr/ http://stg.fedoraproject.org/es/ 2013/3/28 <openldap-technical-request(a)openldap.org>: > > --On Tuesday, March 26, 2013 06:14:33 PM -0700 Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > >> If you know how to build OpenLDAP manually, and would like to participate in testing the next set of code for the 2.4.35 release, please do so. >> >> Generally, get the code for RE24: >> >> <http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/h…> >> >> Configure & build. >> >> Execute the test suite (via make test) after it is built. > > Created a debian package for wheezy and installed it on our development > servers. In addition to passing all of the build tests, my initial > tests have all been successful. > > To build the package I did have to update ol_patch in version.var. > > Bill > > -- > > Bill MacAllister > Infrastructure Delivery Group, Stanford University > > > > ------------------------------ > > _______________________________________________ > openldap-technical mailing list > openldap-technical(a)openldap.org > http://www.openldap.org/lists/mm/listinfo/openldap-technical > > > End of openldap-technical Digest, Vol 64, Issue 28 > **************************************************

1 0

::Bob Fitch::
by Bob Fitch 03 Apr '13

03 Apr '13

http://www.drkaria.com/xecoyox/tose.keyh?pni 4/3/2013 2:28:49 PM 4/3/2013 2:28:49 PM fitchbob

1 0

Chaining without TLS
by jeevan kc 02 Apr '13

02 Apr '13

I've configured a chaining overlay on two slaves with a master to enable update privileges on the slave servers. But every-time I try to modify entries on the Slave I get error code 8.(strong authentication required) Can chaining work without TLS ? If so how? Also I created the overlay only on the slaves ( I looked at the references and it's obvious it shouldn't be on the master). Please help.

1 0

any body have done openldap and active directory synchronization? i need help
by Suman Karki 02 Apr '13

02 Apr '13

hello there! anybody have done openldap and active directory synchronization? i want to sync them. give me idea how you have done? i am struggling to solve that. if you charge some amount then i am ready to pay. just i need to solve that problem.

3 3

Returning objects on exact DN match
by Rick van Rein (OpenFortress) 01 Apr '13

01 Apr '13

Hello, I am trying to publish information only when the exact DN is used, as a measure against iteration of accounts. I configured: olcAccess: to dn.regex="^uid=[^,]+,(ou=[^,]+,)*dc=openfortress,dc=nl$" by (admin) write by * =rcdx Note how this is like read privilege =rscdx minus the =s search filter privilege. I am told that I lack the permission, and suspect the deafult search filter (objectClass=*) requires the =s privilege. Is what I am trying to do posisble with OpenLDAP? Thanks, -RIck

1 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical