On Mon, 12 Dec 2011 11:48:35 +0100, reyman reyman64@gmail.com wrote:
I prefer to define specific access like:
Anonymous readers can only auth; users, after authentication, can read and modify. And I don't want to enter the cn=admin user password into client software, so I am trying to create a cn=redmine-user which I can use to bind with Redmine LDAP authentication, and which has the right to write only to a group ou=redmine.
Deactivate the anonymous bind globally:
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
To force authentication globally:
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
Or is this an equivalent with an ACL? (But I don't see the difference between these two types of configuration...)
olcaccess: to attrs=userPassword by self read by anonymous auth by * none
And after that I need to make an ACL to authorize my cn=redmine-user to write only to a group ou=redmine, but I have no idea how to write this.
http://www.openldap.org/faq/data/cache/189.html
[...]
-Dieter
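
An ACL set of the kind the question asks for, as an added example that is not part of the original thread: it lets a dedicated bind account write only below ou=redmine while anonymous clients can do nothing but authenticate. The suffix dc=example,dc=com, the database entry olcDatabase={1}hdb and the location of cn=redmine-user are assumptions; substitute the values of the actual directory.

```ldif
# Added example, not from the thread. Assumed names: suffix
# dc=example,dc=com, database olcDatabase={1}hdb, and the service
# account cn=redmine-user,dc=example,dc=com.
#
# slapd evaluates the "to" clauses in {n} order and stops at the first
# one that matches the target, then stops at the first matching "by".
#
# {0} userPassword: owner may change it, anonymous may only use it to
#     bind. Because this rule matches first, cn=redmine-user cannot
#     read or write passwords, even below ou=redmine.
# {1} ou=redmine subtree: the service account may write, other
#     authenticated users may read, anonymous gets auth only (no read).
# {2} everything else: authenticated users may read, nobody but the
#     rootdn may write, anonymous gets auth only (no read).
#
# "replace" discards the ACLs already on the database; merge any
# existing rules that are still wanted into this list first.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="ou=redmine,dc=example,dc=com"
  by dn.exact="cn=redmine-user,dc=example,dc=com" write
  by users read
  by anonymous auth
  by * none
olcAccess: {2}to *
  by users read
  by anonymous auth
  by * none
```

Lines that begin with a space are LDIF continuation lines, so the two-space indentation must be kept when the file is passed to ldapmodify.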