Tue, 2003-01-28 at 19:51, Thomas J. Baker wrote:
> I have a working LDAP server which can be queried by Evolution when
> authenticating with a DN. Assuming this is an ACL problem, what other
> ACLs would I need to allow authenticating by email address?
Here's an ldif blank for Evo, for my cat Frigg av Borgund:
dn: cn=Frigg,ou=people,ou=groups,dc=hosts,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: av Borgund
cn: Frigg
homePhone: +31 172 123 456
homePostalAddress:: TXVnZ2VubGFhbiAzCjI0NDEgQ(base64 etc)
initials: F.a.B.
mail: [EMAIL PROTECTED]
uidNumber: 508
gidNumber: 1001
structuralObjectClass: evolutionPerson
userPassword:: e2NyeXB0fXVhWnZ5Mjg0dy9CMnc=
homeDirectory: /u/home/frigg
loginShell: /bin/ksh
gecos: Katten Frigget
uid: frigg
Do you know enough to make your ACLs out of that?
evolutionperson.schema is included with Evo 1.2.x and you'll find it in
/usr/share/doc/evolution. BUT. It will only work as it is with OpenLDAP
2.0.x, not 2.1.x - for which it will have to be modified. The other
schemas you need, including inetorgperson.schema, are in your schema
directory (wherever that is on your system).
Begin with (the very first) ACL:
access to dn="dc=hosts,dc=com"
        attr=userPassword
        by anonymous auth
        by dn="cn=Admin,dc=hosts,dc=com" write
Without doing that, Admin won't be authenticated.
> In trying to debug what's going on, it seems evolution is searching
> objectClass and entry but I'm not familiar enough with LDAP to know
> what's going on.
Why not subscribe to the OpenLDAP list? www.openldap.org
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-mail: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
_______________________________________________
evolution maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
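
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd picks an access level, showing why the userPassword rule has to come first and what a login by e-mail address needs on top of it. The search-then-bind flow, the attributes checked for the search step (entry and objectClass from the question, plus mail) and the three rule sets are assumptions constructed for illustration.

```python
# Simplified model of slapd access evaluation (added example, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester, target_dn):
    """requester is None for an anonymous session, else the bound DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target_dn
    return requester == who          # literal DN

def access(rules, attr, requester, target_dn):
    """First matching 'access to' clause wins; inside it, first matching 'by' wins."""
    for attrs, by_clauses in rules:
        if attrs == "*" or attr in attrs:
            for who, level in by_clauses:
                if who_matches(who, requester, target_dn):
                    return level
            return "none"            # implicit 'by * none' closing a clause
    return "none"                    # model assumption: nothing matched

def allows(rules, attr, requester, target_dn, needed):
    return LEVELS.index(access(rules, attr, requester, target_dn)) >= LEVELS.index(needed)

def email_login_possible(rules, target_dn):
    """Anonymous search on mail to find the DN, then a bind checked against userPassword."""
    can_search = all(allows(rules, a, None, target_dn, "search")
                     for a in ("entry", "objectClass", "mail"))
    can_bind = allows(rules, "userPassword", None, target_dn, "auth")
    return can_search and can_bind

FRIGG = "cn=Frigg,ou=people,ou=groups,dc=hosts,dc=com"
ADMIN = "cn=Admin,dc=hosts,dc=com"
PASSWORD_RULE = ({"userPassword"}, [("anonymous", "auth"), (ADMIN, "write")])

# Constructed rule sets: same password clause, different order or catch-all.
PASSWORD_FIRST = [PASSWORD_RULE, ("*", [("*", "read")])]
PASSWORD_LAST = [("*", [("users", "read")]), PASSWORD_RULE]
NO_ANON_SEARCH = [PASSWORD_RULE, ("*", [("users", "read")])]
```

With PASSWORD_LAST the catch-all clause matches userPassword before the password rule is reached, so an anonymous session gets "none" and no bind can succeed; with NO_ANON_SEARCH the bind would work but the lookup by mail is refused.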