At 09:38 AM 6/27/2006, Jason Lixfeld wrote:
>I think I'm somewhat versed in the basics of OpenLDAP, but the
>concept of access policies eludes me because they are far beyond my
>current level of comprehension. That being said, I'm doing some
>trial by fire to try to make sense of how they work and hopefully
>will then be able to relate some of what I read in the manual to what
>I've made happen in tests...
>
>I'm trying to get a proxyuser working so I don't have to do
>everything as Manager.
>
>I put this entry into my slapd.conf as per some tutorials I read:
>
>access to attrs=userPassword
>        by dn="cn=Proxyuser,dc=example,dc=ca" read
>
>and likewise, these entries into my ldap.conf:
>
>binddn cn=Proxyuser,dc=example,dc=ca
>bindpw ****
>rootbinddn cn=Proxyuser,dc=example,dc=ca
>
>and finally, the Proxyuser password in /etc/ldap.secret.

bindpw and rootbinddn are not OpenLDAP configuration directives. binddn is, but it's not relevant here as you used the -D flag (or were specifying an anonymous bind). I also do not see the relevance of a ldap.secret given you didn't tell ldapsearch(1) to use a password file (via the -y flag).

>Also, I'm a little confused about the difference between binddn and
>rootbinddn.

Well, given that rootbinddn is not an OpenLDAP ldap.conf(5) directive, it's ignored. As was bindpw. In your use of ldapsearch(1), the binddn directive was ignored because either you provided a binddn or were specifying an anonymous bind (e.g., no password).

Note that discussion regarding the difference of directives in non-OpenLDAP software packages (such as PAM/LDAP and NSS/LDAP) is off-topic here.

- Kurt
