On Tue, 2001-11-27 at 18:52, Yatin Chawathe wrote:
> It would be helpful to have two modes of operation: the "regular user"
> mode where they type in their email address for authentication, and
> the "advanced user" mode which expects the raw DN.
>
> I have actually been able to configure my LDAP server with limited
> anonymous read access (only some of the fields in the authentication
> record are publicly readable). Of course this works only if there are
> just a handful of users that have authenticated access. Here is the
> relevant portion of my slapd.conf:
>
> # Allow access to the Manager record only to the Manager
> access to dn="cn=Manager,dc=chawathe,dc=com"
>         by self write
>         by * none
>
> # Allow everyone to read enough fields of the authentication record(s)
> # to initiate the authentication process
> # Many email/LDAP clients perform authentication based on the value of the
> # "mail" entry in the authentication record. That's why they need read
> # access to some of the entries in the record
> access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
>         attr=entry,dn,objectClass,cn,mail
>         by self write
>         by * read
>
> # Everyone needs auth permission for the record(s) as well
> # This allows enough permission to verify
> # the client's password
> access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
>         by self write
>         by * auth
>
> # Evo needs permission to read this to access the schema
> access to dn="cn=Subschema"
>         by self write
>         by * read
>
> # The default access permissions
> access to *
>         by dn="cn=Manager,dc=chawathe,dc=com" write
>         by dn="cn=Yatin Chawathe,dc=chawathe,dc=com" write
>         by * none
>
> Hope this helps,

Yep, it did! Thanks for these conf tips, and thanks to Chris for his LDAP work in Ev too.

And I totally agree with you that allowing two auth. methods (DN and mail attribute) would be a great feature, because I don't think that every end user would be able to tweak his LDAP server config!

-- 
------------------------------------------------------------
Vincent Frison           | Ohm Force
System Administrator     | Digital Audio Software
mailto:[EMAIL PROTECTED] | http://www.ohmforce.com
------------------------------------------------------------
_______________________________________________
evolution maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
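
An added example, not part of the original messages and not slapd's own code: a simplified Python model of how the access rules quoted above are evaluated, where the first matching `access to` clause is selected and then the first matching `by` clause decides the level. It assumes exact, case-insensitive DN comparison in place of slapd's DN matching, and the function names (`same_dn`, `granted`, `allows`) are hypothetical.

```python
# Added example: simplified model of slapd ACL evaluation (not slapd's code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

MANAGER = "cn=Manager,dc=chawathe,dc=com"
USER = "cn=Yatin Chawathe,dc=chawathe,dc=com"

# (<what> DN or "*", attribute list or None for all, [(<who>, level), ...])
# Transcribed in file order from the slapd.conf quoted in the message.
ACLS = [
    (MANAGER, None, [("self", "write"), ("*", "none")]),
    (USER, ["entry", "dn", "objectClass", "cn", "mail"],
     [("self", "write"), ("*", "read")]),
    (USER, None, [("self", "write"), ("*", "auth")]),
    ("cn=Subschema", None, [("self", "write"), ("*", "read")]),
    ("*", None, [(MANAGER, "write"), (USER, "write"), ("*", "none")]),
]

def same_dn(a, b):
    # Assumption: exact, case-insensitive comparison stands in for DN matching.
    return a.lower() == b.lower()

def granted(requester, target, attr):
    """Access level for requester (a bound DN, or None if anonymous)."""
    for what, attrs, by_clauses in ACLS:
        if what != "*" and not same_dn(what, target):
            continue
        if attrs is not None and attr.lower() not in (a.lower() for a in attrs):
            continue
        # The first <what> that matches is final; later clauses are not tried.
        for who, level in by_clauses:
            if who == "*":
                return level
            if requester is None:
                continue  # anonymous matches neither "self" nor a DN
            if same_dn(requester, target if who == "self" else who):
                return level
        return "none"  # no <who> matched: access is denied
    return "none"

def allows(requester, target, attr, wanted):
    return LEVELS.index(granted(requester, target, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for attr in ("mail", "cn", "userPassword", "telephoneNumber"):
        print("anonymous ->", attr, ":", granted(None, USER, attr))
```

In this model an anonymous client gets read on `mail` and `cn` but only auth on `userPassword`, which is enough to verify a password during a bind and not enough to read the stored value.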
