[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL question - minimum rights for Apache HTTP Server Bind User
- To: openldap-technical@openldap.org
- Subject: ACL question - minimum rights for Apache HTTP Server Bind User
- From: Axel Birndt <towerlexa@gmx.de>
- Date: Wed, 14 Dec 2011 21:36:58 +0100
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110921 Lightning/1.0b2 Mnenhy/0.8.3 Thunderbird/3.1.15
Hi @All,
currently i'am using a special user
"cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"
as bind user in my apache.conf file.
----apache.conf-------
.....
AuthType basic
AuthBasicProvider ldap
AuthName "LDAP-geschuetztes Verzeichnis"
AuthLDAPUrl "ldap://localhost:389/ou=user,dc=2axels-company,dc=de?cn?sub"
AuthLDAPBindDN "cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"
# it doesn't work, if the bind password is encrypted... isn't it ??
#AuthLDAPBindPassword {SHA}pfiSFDDFSAAE$$%j8BTtCUqs9IZWsQ=
# Because this, the password is currently used as an unencrypted one:
AuthLDAPBindPassword xxxxxxxxxxx
Require ldap-group cn=awstats,ou=groups,dc=2axels-company,dc=de
....
----------------------------------
Now my question:
which minimum acl rights are needed for the Bind User:
"cn=bind,ou=technical,ou=user,dc=2axels-company,dc=de"
to connect to the ldap server and check the group from the user who try
to login.
I hope my description is understandable...
Thanks and regards
Axel
--
Gruß Axel
------------------------------