On Wed, Sep 23, 2015, at 10:36 AM, Fischer, Johannes wrote:
> Hi @all,
> I struggle with the ACLs. I want a special account to check the username and PW of the entries on the LDAP server. Therefore I've written the following in the slapd.conf file:
>
> access to attrs=userPassword
>         by dn="cn=authenticate,dc=vfk,dc=ldap,dc=com" write
>         by self write
>         by anonymous none
This ACL makes everyone able to write everything (except the password, which can be written by cn=authenticate and self), and makes it impossible to bind non-anonymously.
If you want users to be able to authenticate you should give 'anonymous' users auth permissions to the userPassword attribute:

access to attrs=userPassword
        # allow connections to bind as user
        by anonymous auth
        # allow self password change
        by self write
        # allow cn=authenticate password change
        by dn="cn=authenticate,dc=vfk,dc=ldap,dc=com" write
> access to *
>         by * write
>         by anonymous none
>
> But I can't authenticate to the LDAP server. Does somebody know why?
This rule makes everyone able to modify/add anything in your directory (except for the userPassword attribute, which is managed by the first rule).
> Greetings John
bye, dario
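As an added illustration (not part of either message in the thread), here is the posted ACL set next to a tightened version in slapd.conf syntax. It keeps the suffix dc=vfk,dc=ldap,dc=com and the cn=authenticate account from the thread; the "by users read" choice for the catch-all rule and the "compare" alternative are assumptions for the example, not something the thread decided.

```conf
# Added example, not from the thread. Assumes suffix dc=vfk,dc=ldap,dc=com
# and the service account cn=authenticate,dc=vfk,dc=ldap,dc=com as posted.

########## As posted: nobody can bind, and everyone can write ##########
# access to attrs=userPassword
#         by dn="cn=authenticate,dc=vfk,dc=ldap,dc=com" write
#         by self write
#         by anonymous none
# access to *
#         by * write
#         by anonymous none
#
# Why it fails:
#  * A simple bind is evaluated while the connection is still anonymous,
#    and it needs "auth" on userPassword. "by anonymous none" denies that,
#    so no user can ever authenticate.
#  * slapd stops at the first <by> clause whose <who> matches. "*" matches
#    every connection, anonymous included, so "by * write" gives write
#    access to the world and the trailing "by anonymous none" is dead.

########## Tightened ##########
# Attribute-specific rules must come before "access to *", because the
# <to> part is also first-match: the first directive whose <to> matches
# the entry/attribute is the only one consulted.
access to attrs=userPassword
        # service account from the thread; "write" lets it set passwords.
        # If it only has to verify them, "compare" is enough (assumption:
        # that is what "check the username and PW" means).
        by dn.exact="cn=authenticate,dc=vfk,dc=ldap,dc=com" write
        by self write
        # "auth" is the minimum a bind needs, and it does not allow
        # reading or comparing the hash.
        by anonymous auth
        # explicit default: other authenticated users get nothing
        by * none

access to *
        by dn.exact="cn=authenticate,dc=vfk,dc=ldap,dc=com" read
        # "users" = any authenticated identity; anonymous never matches it
        by users read
        by * none
```

To check the result, bind as an ordinary user with ldapwhoami -x -D "uid=someone,dc=vfk,dc=ldap,dc=com" -W (should succeed), then try the same bind with ldapsearch reading userPassword (should return nothing) and an anonymous ldapmodify (should be denied with "Insufficient access").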