Bruno Lamps <[email protected]> writes:

> Hi,
>
> Thanks Dieter Kluenter and Buchan Milne for answering to this, and everyone
> else that is reading this topic. =D
>
> It seems your ACLs are not sufficient for *any* simple binds to this DN.
>
> Please test the following on your LDAP server:
>
> $ ldapwhoami -x -D uid=lamps,ou=usuarios,dc=pisolar -W
>
> Until this command works, please don't bother with anything related to
> squid.
>
> Right, this command isn't working for any user, except cn=admin,dc=pisolar.
> I'm struggling with /etc/ldap/slapd.conf, to
> solve this. I probably tried to make the ACLs a bit too tight, and now
> they're choking me. =p
>
> Did you ever test simple binds to your LDAP server as these users except
> from squid? It doesn't seem like it ...
>
> I use this ldap base to authenticate my GLPI () system. But I think GLPI just
> grabs all my base, using the ldap admin
> password, and transports it to its mysql database. =/
>
> I'm currently testing different ACLs in /etc/ldap/slapd.conf. Right now,
> these are the rules:
>
> access to *
>         by dn="cn=admin,dc=pisolar" write
>         #by anonymous none
>         #by self none
>         by * read
>
> access to attrs=userPassword,shadowLastChange
>         by dn="cn=admin,dc=pisolar" write
>         by anonymous auth
>         by self write
>         by * none
>
> access to dn.base="" by * read
>
> What kind of mistake am I making there? =S

man slapd.access(5)
http://www.openldap.org/doc/admin24/access-control.html
http://www.openldap.org/faq/data/cache/189.html

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E
