David Wright schrieb am Wed, Apr 10, 2002 at 01:41:39AM -0700: [...] > >So how do we get these toys together if one > > > > 1. is going to protect user information based on "by self write" - you > > first have to see what "self" is! - and > > > > 2. has, to faciliate 1., authenticate someone based on user information > > > >which will always result in a request loop? > > Umm, I don't know whether what you said went completely over my head or > whether what I said went completely over your head. > > The ACLs that I wrote are literal (the characters s-e-l-f appear in > slapd.conf) and work as advertised. When you bind to LDAP, you specify > your dn and userPassword. That tells ldap who "self" is, and if the > userPassword matches, it believes you. No "request loop" occurs. End of > story.
BTW and to come back to the very origin of this whole thread: You can't have LDAP v3 with your scenario, which is causing many peoply (including me) some headaches. So this is just the beginning of the story, not the end, if you want more functionality and development. Regards, Birger
