Hi All,

I have Jasig CAS connected to OpenLDAP for user authentication.

My LDAP Schema is the following:

dc=com
    dc=companyA,dc=com
        ou=user,dc=companyA,dc=com
    dc=companyB,dc=com
        ou=user,dc=companyB,dc=com

I would like to give a specific user
(cn=admin,ou=user,dc=companyB,dc=com)
the ability to create inetOrgPerson objects under ou=user,dc=companyA,dc=com,
and the restriction to have only search access to
ou=user,dc=companyB,dc=com, where some attributes should actually be hidden
(such as userPassword).

I tried several ACLs, but always with one strange problem: a user is able to
log in via CAS. Then he/she logs out, and if they try with a different account,
LDAP returns DN_RESOLUTION_FAILURE.

That issue is occurring even with a simple ACL such as:

access to *
        by self write
        by anonymous auth
        by users search

The only way to work around that issue is removing any ACL or leaving "by
users read".

As bind DN I'm using dc=com.

Any suggestion? I cannot tell whether to focus on CAS for this issue, or on
the LDAP ACL side.

Thanks a LOT for the support!

Simone
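The following slapd.conf-style ACL set is an added example, not something from the original post or from the CAS or OpenLDAP projects; it shows one way to express the delegation described above (company B's admin may create entries under company A's user OU, everyone else searches only, userPassword is never readable). It assumes a dedicated read-only service account for the CAS bind, cn=cas-svc,ou=user,dc=companyB,dc=com (a hypothetical name, not in the post), rather than binding as the suffix entry. Two OpenLDAP rules drive the layout: the first "access to" clause whose target matches an entry or attribute is the only one consulted, so specific clauses go before the catch-all; and returning an entry from a search requires read access to its entry pseudo-attribute, so a bind DN that only has "search" can match filters but gets no entries back, which is one thing worth checking when a DN lookup fails.

```conf
# Added example ACL for the layout in the post (assumptions: suffix dc=com,
# slapd.conf syntax; the equivalent olcAccess values work in cn=config).
# cn=cas-svc,ou=user,dc=companyB,dc=com is a hypothetical read-only service
# account for the CAS bind; it does not appear in the original post.

# 1. Credentials are never returned: anonymous may only bind against them,
#    the owner may change them, everyone else gets nothing.
#    This clause must precede the subtree clauses, which would otherwise
#    grant "search"/"read" on userPassword too.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Company A's user container: the delegated admin from company B may
#    add and modify entries ("write" covers the children/entry
#    pseudo-attributes that an add operation needs). The CAS service
#    account gets "read" so searches actually return the matched entries;
#    users may update their own entry; everyone else may only search.
access to dn.subtree="ou=user,dc=companyA,dc=com"
        by dn.exact="cn=admin,ou=user,dc=companyB,dc=com" write
        by dn.exact="cn=cas-svc,ou=user,dc=companyB,dc=com" read
        by self write
        by users search

# 3. Company B's user container: the delegated admin is deliberately not
#    listed, so it falls through to "by users search" like everyone else.
access to dn.subtree="ou=user,dc=companyB,dc=com"
        by dn.exact="cn=cas-svc,ou=user,dc=companyB,dc=com" read
        by self write
        by users search

# 4. Everything else (the suffix entry and the container entries above the
#    user OUs): readable by authenticated users so subtree searches can
#    traverse them; nothing is granted to anonymous beyond the auth above.
access to *
        by users read
```

To check the rules without a client, slapacl evaluates them against the configuration directly, for example `slapacl -f /path/to/slapd.conf -D "cn=admin,ou=user,dc=companyB,dc=com" -b "ou=user,dc=companyA,dc=com" children/write` (should be allowed) and `slapacl -f /path/to/slapd.conf -D "cn=cas-svc,ou=user,dc=companyB,dc=com" -b "uid=someone,ou=user,dc=companyB,dc=com" userPassword/read` (should be denied); the config path and the uid=someone entry are placeholders. On the CAS side, the DN-resolution search runs under the configured bind DN, so that account is the one that needs "read" on the user entries; the individual users' own permissions only matter for the bind that follows.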
