LDAP ACLs with ldapmodify & .ldif file grand user access only
Posted
by
plaetzchen
on Server Fault
See other posts from Server Fault
or by plaetzchen
Published on 2011-09-29T14:19:52Z
Indexed on
2012/09/25
3:40 UTC
Read the original article
Hit count: 520
I want to change the settings my new LDAP server let only users of the server read entries and not anonymous. Currently my olcAccess looks like this:
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1} to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
I tried to change it like so:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1} to * by self write by dn="cn=admin,dc=exampme,dc=com" write by users read
But that gives me no access at all. Can someone help me on this?
thanks
UPDATE: This is the log read after the changes mentioned by userxxx
Sep 30 10:47:21 j16354 slapd[11805]: conn=1437 fd=28 ACCEPT from IP=87.149.169.6:64121 (IP=0.0.0.0:389)
Sep 30 10:47:21 j16354 slapd[11805]: conn=1437 op=0 do_bind: invalid dn (pbrechler)
Sep 30 10:47:21 j16354 slapd[11805]: conn=1437 op=0 RESULT tag=97 err=34 text=invalid DN
Sep 30 10:47:21 j16354 slapd[11805]: conn=1437 op=1 UNBIND
Sep 30 10:47:21 j16354 slapd[11805]: conn=1437 fd=28 closed
Sep 30 10:47:21 j16354 slapd[11805]: conn=1438 fd=28 ACCEPT from IP=87.149.169.6:64122 (IP=0.0.0.0:389)
Sep 30 10:47:21 j16354 slapd[11805]: conn=1438 op=0 do_bind: invalid dn (pbrechler)
Sep 30 10:47:21 j16354 slapd[11805]: conn=1438 op=0 RESULT tag=97 err=34 text=invalid DN
Sep 30 10:47:21 j16354 slapd[11805]: conn=1438 op=1 UNBIND
Sep 30 10:47:21 j16354 slapd[11805]: conn=1438 fd=28 closed
pbrechler should be a valid user but has no system user (we don't need it) admin does't work also
- List item
© Server Fault or respective owner