Re: OpenLDAP reader-only users , and removing anonymous user reading ?
On Mon, 12 Dec 2011 11:48:35 +0100, reyman <reyman64@gmail.com> wrote:
> I prefer to define specific access like:
>
> Reader anonymous can only auth,
> user after authentication can read and modify.
> And I don't want to enter the cn=admin user password into client
> software, so I try to create a cn=redmine-user which I can use to
> bind with Redmine LDAP authentication, and which has the right to
> write only a group ou=redmine.
>
> Deactivate the anonymous bind globally:
>
> dn: cn=config
> changetype: modify
> add: olcDisallows
> olcDisallows: bind_anon
>
> To force authentication globally:
>
> dn: olcDatabase={-1}frontend,cn=config
> changetype: modify
> add: olcRequires
> olcRequires: authc
>
> Or here an equivalent with an ACL? (but I don't see the difference
> between these two types of configuration ...)
>
> olcAccess: to attrs=userPassword
> by self read
> by anonymous auth
> by * none
>
>
> And after that I need to make an ACL to authorize my cn=redmine-user to
> write only a group ou=redmine, but I have no idea how to write this.
http://www.openldap.org/faq/data/cache/189.html
[...]
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
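As an added example, not part of the thread, here is one way to write the ACL set the question describes as an olcAccess replacement in cn=config; the suffix dc=example,dc=com, the database index {1}hdb and the two DNs are assumed placeholders.

```ldif
# Added example, not from the thread.  Assumed placeholders: suffix
# dc=example,dc=com, database olcDatabase={1}hdb, and the entries
# cn=redmine-user,dc=example,dc=com and ou=redmine,dc=example,dc=com.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
# {0}: passwords are never readable.  "by anonymous auth" is still needed
# even with olcDisallows: bind_anon, because a simple bind compares the
# password before the connection is authenticated.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# {1}: only the bind DN used by Redmine may write under ou=redmine;
# other authenticated users may read it.  The first matching "to"
# clause wins, so this rule must precede the catch-all below.
olcAccess: {1}to dn.subtree="ou=redmine,dc=example,dc=com"
  by dn.exact="cn=redmine-user,dc=example,dc=com" write
  by users read
  by * none
# {2}: everything else: authenticated users read, each user may modify
# its own entry, anonymous gets nothing.
olcAccess: {2}to *
  by self write
  by users read
  by * none
```

The rootdn (typically cn=admin) bypasses olcAccess entirely, so only the less-privileged cn=redmine-user needs to be configured in the client. Check the result with `slapacl -D cn=redmine-user,dc=example,dc=com -b ou=redmine,dc=example,dc=com` before relying on it.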