Hi Roland, I know this is not specifically a LAM problem, but once I set acls
in my openLDAP configuration to limit what anonymous or any user can see, LAM
is unable to access the schema any longer.  With no acls set, LAM is 100%
happy including the lamdaemon test - and functionality.

So basically, I want to allow anon auth to the user's password(s) attrs, but
let the users have write access to change them.

The second acl unfortunately requires that anonymous can read more than I want
it to, but this is because they all seem to be required for ssh logins to
function (I removed and added them one at a time to verify... painful...) This
is a separate problem for another day I think. :)

This acl also allows a user to search the directory, but only see some of
their own information.

The last one basically allows all access to the ldap admin user.

I have seen mention of subschema and someone creating a specific acl for it,
but I cannot for the life of me find out what that is exactly referring to.

Can you offer any help to allow LAM to browse the schema while still allowing
some level of security?


--[snip]--
access to attrs=userPassword,sambaNTPassword
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by anonymous    auth
        by self         write
        by *            none

access to attrs=cn,uid,entry,objectClass,uidNumber,gidNumber,homeDirectory, \
                loginShell,gecos,description
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by self         read
        by anonymous    read
        by *            search

access to *
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by *            none
--[snip]--


Thanks Roland!

--
Bill Arlofski
Reverse Polarity, LLC
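An added example of the ACL ordering that lets any client read the schema while keeping the rest of the directory closed; it is not from the original message or from the LAM project. It assumes a slapd.conf-style ACL set (the same rules apply as olcAccess under cn=config), the default subschema subentry DN cn=Subschema, and the DNs from the post.

```conf
# Added example: expose only the root DSE and the subschema subentry so that
# schema-aware clients can read attributeTypes/objectClasses, without
# opening user entries to anonymous.
# slapd evaluates "access to" clauses top-down and stops at the first one
# whose target matches, so the two schema rules must sit ABOVE "access to *".
# The root DSE and cn=Subschema are served by the frontend, so place these
# in the global section (before the first "database" directive) or in
# olcDatabase={-1}frontend when using cn=config.

# 1. Root DSE: lets clients discover namingContexts / subschemaSubentry
access to dn.base=""
        by * read

# 2. The schema itself (assumption: default subschema DN "cn=Subschema")
access to dn.base="cn=Subschema"
        by * read

# 3. Passwords: bind-only for anonymous, self-service change for the owner
access to attrs=userPassword,sambaNTPassword
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by anonymous    auth
        by self         write
        by *            none

# 4. POSIX account attributes that nss/pam need (from the original post)
access to attrs=cn,uid,entry,objectClass,uidNumber,gidNumber,homeDirectory, \
                loginShell,gecos,description
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by self         read
        by anonymous    read
        by *            search

# 5. Everything else stays closed to all but the admin
access to *
        by dn="uid=ldapadmin,ou=People,dc=MyDomain,dc=local" write
        by *            none

# Verify as anonymous (base-scope read of the subschema subentry):
#   ldapsearch -x -H ldap://localhost -b cn=Subschema -s base \
#       '(objectClass=subschema)' objectClasses attributeTypes
# and confirm anonymous still sees nothing beyond the rule-4 attributes:
#   ldapsearch -x -H ldap://localhost -b dc=MyDomain,dc=local '(uid=*)'
```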

_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public