On Wed, Sep 23, 2015, at 10:36 AM, Fischer, Johannes wrote:
> Hi @all,
> I struggle with the ACLs, I want a special account to check the username
> and PW of the entries on the LDAP-server.
> Therefore I’ve written the following in the slapd.conf file:
>
> access to attrs=userPassword
>         by dn="cn=authenticate,dc=vfk,dc=ldap,dc=com" write
>         by self write
>         by anonymous none

this acl makes everyone able to write everything (except the password
that can be written by cn=authenticate and self),
and makes it impossible to bind not-anonymously.
if you want users to be able to authenticate you should give 'anonymous'
users auth permissions to the userpassword attr:

access to attrs=userpassword
        # allow connections to bind as user
        by anonymous auth
        # allow self password change
        by self write
        # allow cn=authenticate password change
        by dn="cn=authenticate,dc=vfk,dc=ldap,dc=com" write

> access to *
>         by * write
>         by anonymous none
>
> But I can’t authenticate to the LDAP server, does somebody know why?

this rule makes everyone able to modify/add anything to your directory
(except from the userpassword attribute, managed by the first rule)

> Greetings
> John

bye,
dario
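To see why the original userPassword rule blocks binds while dario's corrected one allows them, here is a small model of how slapd evaluates `by` clauses (an added example, not code from the thread or from OpenLDAP): the first matching clause wins, an implicit `by * none` closes every rule, access levels are cumulative, and a simple bind needs `auth` access to userPassword while the connection is still anonymous. The sample entry `uid=jdoe,dc=vfk,dc=ldap,dc=com` and the exact-match handling of `dn=` are assumptions of this model.

```python
# Minimal model of slapd ACL evaluation for one "access to attrs=userPassword"
# rule. Levels are cumulative: "write" implies everything below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]


def who_matches(who, requester, target_dn):
    """Match a <who> clause against the requesting identity (None = anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    if who.startswith("dn="):  # modelled as an exact DN match (assumption)
        return requester is not None and requester.lower() == who[3:].strip('"').lower()
    raise ValueError(f"unsupported <who>: {who}")


def granted(acl, requester, target_dn, needed):
    """True if the first matching clause grants at least the `needed` level."""
    for who, level in acl:
        if who_matches(who, requester, target_dn):
            return LEVELS.index(level) >= LEVELS.index(needed)
    return False  # implicit trailing "by * none"


# The rule from the question, clause order as written.
ORIGINAL = [
    ('dn="cn=authenticate,dc=vfk,dc=ldap,dc=com"', "write"),
    ("self", "write"),
    ("anonymous", "none"),
]
# dario's corrected rule: anonymous gets "auth" so simple binds can succeed.
FIXED = [
    ("anonymous", "auth"),
    ("self", "write"),
    ('dn="cn=authenticate,dc=vfk,dc=ldap,dc=com"', "write"),
]

USER = "uid=jdoe,dc=vfk,dc=ldap,dc=com"  # constructed sample entry


def simple_bind_allowed(acl, bind_dn):
    """A simple bind is checked while still anonymous and needs "auth" on userPassword."""
    return granted(acl, None, bind_dn, "auth")


if __name__ == "__main__":
    print("original rule, bind as", USER, "->", simple_bind_allowed(ORIGINAL, USER))
    print("fixed rule,    bind as", USER, "->", simple_bind_allowed(FIXED, USER))
```

With the original clause order the anonymous requester hits `by anonymous none` before anything else, so the bind is denied; in the fixed rule it is granted `auth`, while `self` and `cn=authenticate` still keep `write` on the attribute.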