[Date Prev][Date Next] [Chronological] [Thread] [Top]

Acl on userPassword on a specfic base

To: openldap-technical <openldap-technical@openldap.org>
Subject: Acl on userPassword on a specfic base
From: "Marc Roos" <M.Roos@f1-outsourcing.eu>
Date: Mon, 11 Nov 2019 23:35:36 +0100
Content-disposition: inline

I have problems authenticating against this acl[0] with nslcd, if I 
use[1] authentication is fine. I have the impression the dn.exact is not 
able to access the password attribute, because getent shows the other 
attributes. How should I rewrite this so the dn.exact is able to read 
the password attributes from dn.subtree?


[0]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self 
read by ssf=256 anonymous auth by * none continue
olcAccess: {3} to 
dn.subtree="ou=gggg,ou=ffff,ou=eee,dc=ccc,dc=bbb,dc=aaa" by 
dn.exact="cn=system,ou=dddd,dc=ccc,dc=bbb,dc=aaa" ssf=64 read
olcAccess: {4} to * by * none

[1]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self 
read by ssf=256 anonymous auth by * none
olcAccess: {3} to * by ssf=64 users read by * none

Follow-Ups:
- Re: Acl on userPassword on a specfic base
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: It seems that the Tls cipher settings in ldap client and server not work.
Next by Date: Re: It seems that the Tls cipher settings in ldap client and server not work.
Index(es):
- Chronological
- Thread