On 11/30/2011 08:01 AM, Jayavant Patil wrote:


On Tue, Nov 29, 2011 at 6:26 PM, Jayavant Patil <[email protected] <mailto:[email protected]>> wrote:


    >>Mon, 28 Nov 2011 11:25:16 +0100 Raffael Sahli
    <[email protected] <mailto:[email protected]>> wrote:
    >>Hi

    >>I think you mean SSL connection or the STARTTLS Layer...?
    >>Please read the manual http://www.openldap.org/doc/admin24/tls.html
    >Ok.

    >>And tree security:
    >>On my server, a client user can only see his own object:
    >Are you using simple authentication mechanism?

    >>Maybe create a rule like this:
    >>access to filter=(objectClass=simpleSecurityObject)
    >>      by self read
    >>      by * none

    >I am not getting what the ACL rule specifies. Any suggestions?


I have two users ldap_6 and ldap_7. I want to restrict a user to see his own data only.
     In slapd.conf, I specified the rule as follows:
           access to *
              by self write
              by * none

     But ldap_6 can see the ldap_7 user entries (or vice versa) with
$ldapsearch -x -v -D "cn=root,dc=abc,dc=com" -b "ou=People,dc=abc,dc=com" "uid=ldap_7"

   Any suggestions?


Yes, that's exactly the rule I wrote above.

access to filter=(objectClass=simpleSecurityObject)
     by self read
     by * none


Maybe you have to change the objectClass to posixAccount, or both or whatever....

access to filter=(|(objectClass=simpleSecurityObject)(objectClass=posixAccount))
        by self read
        by * none


Just add this rule before the global rule "access to *"


>ldapsearch -x -v -D "cn=root,dc=abc,dc=com" -b "ou=People,dc=abc,dc=com" "uid=ldap_7"

And if you search like this with bind "admin dn", you will see every object....
You have to bind with user ldap_6 and not with root.

--
    Thanks & Regards,

    Jayavant Ningoji Patil
    Engineer: System Software
    Computational Research Laboratories Ltd.
    Pune-411 004.
    Maharashtra, India.
    +91 9923536030.



--
Raffael Sahli
[email protected]
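To make the two points of this reply concrete (the rootdn bind sees everything regardless of ACLs, and a filter rule placed after "access to *" is never reached), here is an added toy model of slapd's ACL evaluation. It is not OpenLDAP code; the user DNs and objectClass values are constructed, and the base dc=abc,dc=com and rootdn cn=root are taken from the thread's ldapsearch command.

```python
import re

# Toy model of slapd ACL evaluation (added example, not OpenLDAP code).
# slapd picks the first "access to <what>" clause that matches the entry,
# then the first matching "by <who> <level>" inside it; every clause ends
# with an implicit "by * none". The rootdn is never subject to ACLs.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=root,dc=abc,dc=com"   # the -D used in the thread's ldapsearch

# Constructed entries for the two users from the thread.
LDAP_6 = {"dn": "uid=ldap_6,ou=People,dc=abc,dc=com", "objectClass": ["posixAccount"]}
LDAP_7 = {"dn": "uid=ldap_7,ou=People,dc=abc,dc=com", "objectClass": ["posixAccount"]}

def what_matches(what, entry):
    """'*' matches all; filter=(objectClass=X) or (|(objectClass=X)(objectClass=Y))."""
    if what == "*":
        return True
    wanted = set(re.findall(r"objectClass=([A-Za-z0-9]+)", what))
    return bool(wanted & set(entry["objectClass"]))

def who_matches(who, bind_dn, entry):
    if who == "*":
        return True
    if who == "self":      # bound DN is the entry being accessed
        return bind_dn is not None and bind_dn.lower() == entry["dn"].lower()
    raise ValueError("unsupported <who>: " + who)

def access_level(acl, entry, bind_dn):
    if bind_dn == ROOTDN:
        return "write"     # rootdn bypasses access control entirely
    for what, by_clauses in acl:
        if what_matches(what, entry):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # model assumption: no matching clause -> deny

def can_read(acl, entry, bind_dn):
    return LEVELS.index(access_level(acl, entry, bind_dn)) >= LEVELS.index("read")

# The original poster's single rule: access to * by self write by * none
ACL_GLOBAL = [("*", [("self", "write"), ("*", "none")])]
# Raffael's rule with posixAccount added, placed BEFORE the global rule
FILTER_RULE = ("filter=(|(objectClass=simpleSecurityObject)(objectClass=posixAccount))",
               [("self", "read"), ("*", "none")])
ACL_FIXED = [FILTER_RULE] + ACL_GLOBAL
# The same rule placed AFTER the global rule is shadowed and never reached
ACL_WRONG_ORDER = ACL_GLOBAL + [FILTER_RULE]
```

Binding as the rootdn returns "write" on every entry under any ACL, which is why the thread's ldapsearch showed ldap_7 to whoever ran it; the same search bound as ldap_6 is denied.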
