On 9/25/2012 11:07 AM, Satish Patel wrote:
This is what I got in the access logs.


    [25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection
    from 10.101.100.236 to 10.10.52.10
    [25/Sep/2012:14:04:36 -0400] conn=497 op=0 BIND dn="cn=Directory
    Manager" method=128 version=3
    [25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97
    nentries=0 etime=0 dn="cn=directory manager"
    [25/Sep/2012:14:04:36 -0400] conn=497 op=1 SRCH
    base="dc=example,dc=com" scope=2
    filter="(&(uid=test4)(objectClass=person))" attrs="1.1"
    [25/Sep/2012:14:04:36 -0400] conn=497 op=1 RESULT err=0 tag=101
    nentries=1 etime=0
    [25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection
    from 10.101.100.236 to 10.10.52.10
    [25/Sep/2012:14:04:36 -0400] conn=497 op=2 UNBIND
    [25/Sep/2012:14:04:36 -0400] conn=497 op=2 fd=75 closed - U1
    [25/Sep/2012:14:04:36 -0400] conn=498 op=0 BIND
    dn="uid=test4,ou=People,dc=example,dc=com" method=128 version=3
    [25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97
    nentries=0 etime=0 dn="uid=test4,ou=people,dc=example,dc=com"
    [25/Sep/2012:14:04:36 -0400] conn=498 op=1 UNBIND

On Tue, Sep 25, 2012 at 1:46 PM, Grzegorz Dwornicki <[email protected]> wrote:

    Can you provide logs from FDS when you are trying to login via
    application?

    Greg.

    25 Sep 2012 19:27, "Satish Patel" <[email protected]> wrote:

        Hello ALL,

        I have a web-based application, and users authenticate to the
        web application using Directory Service (FDS). I want to
        restrict some users from logging in, so I have implemented a
        host-based deny ACL. But somehow it doesn't work. Maybe I am
        missing something. I have the following ACL.

             (targetattr = "*") (version 3.0;acl "Host ACL";deny
            (all)(userdn =
            "ldap:///uid=test,ou=People,dc=example,dc=com";) and
            (ip="10.101.100.236");)


        But the interesting thing is, it works with ldapsearch but not
        with the web application?


Your ACL specifies "uid=test," but that bind was done with "test4".
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
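
As an added example (not part of the original thread and not code from the 389 project), this Python sketch correlates the successful BIND results in the access log above with the userdn and ip values of the posted ACI, showing that the bind as "test4" does not match the "uid=test" bind rule. It assumes exact DN and IP matching only (no wildcards, netmasks or group rules), and the function names are hypothetical.

```python
import re

# Lines taken from the access log quoted in this thread, re-joined where the mail wrapped them.
ACCESS_LOG = """\
[25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection from 10.101.100.236 to 10.10.52.10
[25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection from 10.101.100.236 to 10.10.52.10
[25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=test4,ou=people,dc=example,dc=com"
"""
# The ACI exactly as posted in the thread.
ACI = ('(targetattr = "*") (version 3.0;acl "Host ACL";deny (all)(userdn = '
       '"ldap:///uid=test,ou=People,dc=example,dc=com";) and (ip="10.101.100.236");)')

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lower-case, trim around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_aci(aci):
    """Return (normalised userdn values, ip values) found in the ACI's bind rule."""
    dns = {norm_dn(d) for d in re.findall(r'ldap:///([^"|]+)', aci)}
    ips = set(re.findall(r'\bip\s*=\s*"([^"]+)"', aci))
    return dns, ips

def successful_binds(log):
    """Return (conn, client_ip, bound_dn) for each bind RESULT (tag=97) with err=0."""
    client, binds = {}, []
    for line in log.splitlines():
        conn = re.search(r'conn=(\d+)', line)
        if not conn:
            continue
        src = re.search(r'connection from (\S+) to ', line)
        if src:  # remember the client address announced when the connection opened
            client[conn.group(1)] = src.group(1)
        res = re.search(r'RESULT err=0 tag=97 .*dn="([^"]*)"', line)
        if res:
            binds.append((conn.group(1), client.get(conn.group(1)), norm_dn(res.group(1))))
    return binds

def bind_rule_matches(aci, log):
    """For each successful bind, report whether both userdn and ip of the ACI match it."""
    dns, ips = parse_aci(aci)
    return [(c, ip, dn, dn in dns and ip in ips) for c, ip, dn in successful_binds(log)]

if __name__ == "__main__":
    for conn, ip, dn, hit in bind_rule_matches(ACI, ACCESS_LOG):
        print(f"conn={conn} ip={ip} dn={dn!r} bind rule matches: {hit}")
```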