On 3/24/07, Tim Quinn <[EMAIL PROTECTED]> wrote:
On 3/21/07, Tim Quinn <[EMAIL PROTECTED]> wrote: > > I would like to create a non-privledged system user for other systems to > do authentication binds for centralized password management. I want to avoid > using anonymous binds to the server. > > I only want this user to be able to bind and not have any browse / read / > modify / delete access to the directory. > > Do I need to set up an Access Control Subentry to do this? > > Any help is greatly appreciated. > > ;) > I figured this one out and have gotten Authorization working correctly how I want. Looks like OOTB, any user can bind to any DN without requiring any ACI Authorization configuration as long as the user knows the complete DN to bind to. If the user requires search capability, then it may be necessary to configure Authorization.
Yes there is no restriction on bind for any user. However you can arrange the ACIs according to the bind level (strong, simple). We might add more detailed bind rules to the ACIs later. ..TQ
-- Ersin
