Hi All,
I've Jasig CAS connected to OpenLDAP for users authentication.
My LDAP Schema is the following:
dc=com
  dc=companyA,dc=com
    ou=user,dc=companyA,dc=com
  dc=companyB,dc=com
    ou=user,dc=companyB,dc=com
I would like to give a specific user (cn=admin,ou=user,dc=companyB,dc=com) the ability to create inetOrgPerson objects under ou=user,dc=companyA,dc=com, and to restrict it to search-only access to ou=user,dc=companyB,dc=com, where some attributes should actually be hidden (such as userPassword).
I tried several ACLs, but always with one strange problem: a user is able to log in via CAS. Then he/she logs out and, if he/she tries with a different account, LDAP returns DN_RESOLUTION_FAILURE.
That issue is occurring even with a simple ACL such as:
access to * by self write by anonymous auth by users search
The only way to work around that issue is removing any ACL or leaving "by users read".
As DN bind I'm using dc=com.
Any suggestion? I cannot tell whether to focus on CAS for this issue, or on the LDAP ACL side.
Thanks a LOT for the support!
Simone
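One way to express the ACL set described in the post, as an added example that is not part of the original message. It is written in slapd.conf syntax (the same rules work as olcAccess values under cn=config) and assumes CAS performs its user lookup bound as cn=cas,dc=com, a hypothetical DN chosen for this example.

```conf
# Added example, not the poster's configuration. ACLs are evaluated top-down:
# the first "access to" whose target matches the entry/attribute wins, so the
# most specific rules come first.

# 1. userPassword: the owner may change it, a simple bind may check it
#    ("auth" compares the hash without disclosing it), nobody may read it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Creating an entry needs write on the parent's "children" pseudo-attribute...
access to dn.exact="ou=user,dc=companyA,dc=com" attrs=children
        by dn.exact="cn=admin,ou=user,dc=companyB,dc=com" write
        by * none

#    ...and write on the new entry itself. The filter limits the companyB admin
#    to inetOrgPerson entries directly under the OU, not arbitrary object types.
access to dn.onelevel="ou=user,dc=companyA,dc=com" filter="(objectClass=inetOrgPerson)"
        by dn.exact="cn=admin,ou=user,dc=companyB,dc=com" write
        by dn.exact="cn=cas,dc=com" read
        by self write
        by users search

# 3. companyB subtree: the admin may match filters but not read attribute
#    values (userPassword is already hidden by rule 1); CAS needs read to
#    resolve a DN from the login name.
access to dn.subtree="ou=user,dc=companyB,dc=com"
        by dn.exact="cn=cas,dc=com" read
        by self write
        by users search

# 4. Everything else (the OU containers and dc=com itself). Returning an entry
#    from a search requires read on its "entry" pseudo-attribute; "search" alone
#    only permits filter matching, so a lookup bound with search-only rights
#    finds nothing and the DN cannot be resolved.
access to *
        by dn.exact="cn=cas,dc=com" read
        by users search
```

After loading the rules, `slapacl -b "uid=someone,ou=user,dc=companyB,dc=com" -D "cn=cas,dc=com" entry/read` shows whether the CAS bind DN can actually retrieve an entry under each subtree.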