I prefer to define specific access like:
an anonymous reader can only auth,
a user after authentication can read and modify.
And I don't want to enter the cn=admin user password into client software,
so I try to create a cn=redmine-user which I can use to bind with Redmine LDAP authentication, and which has the right to write only the group ou=redmine.
Deactivate the anonymous bind globally:
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
To force authentication globally:
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
Or is this an equivalent with an ACL? (But I don't see the difference between these two types of configuration ...)
olcAccess: to attrs=userPassword by self read by anonymous auth by * none
On Sat, 10 Dec 2011 14:14:58 +0100, rey sebastien <reyman64@gmail.com> wrote:
> Hello,
>
> I'm looking for some information on how to make reader-only users on my OpenLDAP.
>
> I already have cn=reader-only, and my DN is
> "dc=parisgeo,dc=cnrs,dc=fr"
>
> How can I create a .ldif with a specific configuration to remove
> anonymous user reading, and authorize reading my LDAP only with
> the cn=reader-only authentication?
You may either make use of the database-specific configuration
parameter 'olcReadOnly: TRUE' as described in man slapd-config(5), or
define an appropriate access rule; see man slapd-access(5) for further
information.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
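An added example (not from this thread) of the ACL approach for the setup described in the first message: anonymous may only authenticate, authenticated users read, and cn=redmine-user alone writes under ou=redmine. It assumes the data backend is olcDatabase={1}hdb and that ou=redmine and cn=redmine-user sit directly under dc=parisgeo,dc=cnrs,dc=fr; the database index and those two DNs are assumptions.

```ldif
# Added example, not from the thread. The backend name {1}hdb is an
# assumption; list yours with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase
# Load with: ldapmodify -Y EXTERNAL -H ldapi:/// -f redmine-acl.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
# A simple bind runs as anonymous until it succeeds, so "by anonymous auth"
# on userPassword is still required even with bind_anon disallowed or
# olcRequires: authc in place; "auth" allows comparing, not reading.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Only cn=redmine-user (assumed DN) may write under ou=redmine (assumed DN);
# any other authenticated user may read it; anonymous gets nothing.
olcAccess: {1}to dn.subtree="ou=redmine,dc=parisgeo,dc=cnrs,dc=fr"
  by dn.exact="cn=redmine-user,dc=parisgeo,dc=cnrs,dc=fr" write
  by users read
  by * none
# Everything else: authenticated users read, anonymous nothing. Unlike the
# global olcRequires: authc, ACLs are evaluated per entry and attribute, so
# individual subtrees could be opened or restricted further if needed.
olcAccess: {2}to *
  by users read
  by * none
-
```

Rules are matched in {n} order and the first matching "to" clause wins, so keep the userPassword rule first; test each case with ldapwhoami and ldapsearch bound as cn=redmine-user, as another user, and anonymously.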