I'm unaccustomed to the new (non-slapd.conf) way of adding ACLs/ACIs.
I'm trying to exclude anonymous access to the password. We've tried this to no effect:
olcAccess: to dn.base="cn=users,dc=lib-mac,dc=local" by * read
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to attrs=userPassword by self write by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" read by * auth
olcAccess: to dn.subtree="" by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" write by users read by anonymous auth
Robert Threet http://yesistilluseperl.blogspot.com/
RAT wrote:
> I'm unaccustomed to the new (non-slapd.conf) way of adding ACLs/ACIs.
> I'm trying to exclude anonymous access to the password. We've tried this to no effect:
> olcAccess: to dn.base="cn=users,dc=lib-mac,dc=local" by * read
> olcAccess: to dn.base="cn=Subschema" by * read
> olcAccess: to attrs=userPassword by self write by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" read by * auth
> olcAccess: to dn.subtree="" by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" write by users read by anonymous auth
The ACL for attrs=userPassword should be the first ACL. ACLs are evaluated in order; read man slapd.access.
openldap-technical@openldap.org
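
The reordering suggested in the reply, written as an ldapmodify change for cn=config, where the `{n}` prefix on each olcAccess value fixes its position in the evaluation order. This is an added example, not part of the original thread; the database DN `olcDatabase={1}bdb,cn=config` is a placeholder assumption, and the rules themselves are the poster's own, only reordered.

```ldif
# Added example. The DN below is a placeholder (assumption): list your
# database entries and their current rules first with
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcAccess=*)' olcAccess
#
# "replace" overwrites every existing olcAccess value on this entry, so any
# rule already present that is not listed here is dropped.
dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcAccess
# {0}: the password rule is evaluated first; anonymous gets auth only
olcAccess: {0}to attrs=userPassword
  by self write
  by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" read
  by * auth
# {1}-{3}: the remaining rules from the thread, in their original order
olcAccess: {1}to dn.base="cn=users,dc=lib-mac,dc=local"
  by * read
olcAccess: {2}to dn.base="cn=Subschema"
  by * read
olcAccess: {3}to dn.subtree=""
  by dn.exact="uid=diradmin,cn=users,dc=lib-mac,dc=local" write
  by users read
  by anonymous auth
```

Apply it with `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>` (assuming the ldapi listener and EXTERNAL mapping to the config rootdn are set up), then confirm with an anonymous `ldapsearch -x` that userPassword is no longer returned.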