[389-users] Re: Limiting access to same ou

2018-12-02 Thread Mark Reynolds
On 12/2/18 7:45 PM, Alistair Cunningham wrote: This is all done and working. In the end, the changes I needed were: dn: cn=config changetype: modify replace: nsslapd-allow-anonymous-access nsslapd-allow-anonymous-access: rootdse dn: dc=example,dc=com changetype: modify delete: aci aci:

[389-users] Re: Limiting access to same ou

2018-12-02 Thread Alistair Cunningham
This is all done and working. In the end, the changes I needed were: dn: cn=config changetype: modify replace: nsslapd-allow-anonymous-access nsslapd-allow-anonymous-access: rootdse dn: dc=example,dc=com changetype: modify delete: aci aci: (targetattr!="userPassword || aci")(version 3.0; acl

[389-users] Re: Limiting access to same ou

2018-11-29 Thread Alistair Cunningham
On 30/11/2018 00:00, Ludwig Krispenz wrote: On 11/29/2018 12:12 PM, Alistair Cunningham wrote: On 29/11/2018 20:12, Ludwig Krispenz wrote: > On 11/29/2018 12:32 AM, Alistair Cunningham wrote: Is there a neat way to replace the ACL below that needs to be added once for each ou with one single

[389-users] Re: Limiting access to same ou

2018-11-29 Thread Ludwig Krispenz
On 11/29/2018 12:12 PM, Alistair Cunningham wrote: On 29/11/2018 20:12, Ludwig Krispenz wrote: > On 11/29/2018 12:32 AM, Alistair Cunningham wrote: Is there a neat way to replace the ACL below that needs to be added once for each ou with one single ACL that works for every ou? Perhaps some way

[389-users] Re: Limiting access to same ou

2018-11-29 Thread Alistair Cunningham
On 29/11/2018 20:12, Ludwig Krispenz wrote: > On 11/29/2018 12:32 AM, Alistair Cunningham wrote: Is there a neat way to replace the ACL below that needs to be added once for each ou with one single ACL that works for every ou? Perhaps some way of saying that the "ou=2,dc=example,dc=com" in the

[389-users] Re: Limiting access to same ou

2018-11-29 Thread Ludwig Krispenz
On 11/29/2018 12:32 AM, Alistair Cunningham wrote: Thank you, it's now working correctly! We don't need anonymous access. Is there a neat way to replace the ACL below that needs to be added once for each ou with one single ACL that works for every ou? Perhaps some way of saying that the

[389-users] Re: Limiting access to same ou

2018-11-28 Thread Alistair Cunningham
Thank you, it's now working correctly! We don't need anonymous access. Is there a neat way to replace the ACL below that needs to be added once for each ou with one single ACL that works for every ou? Perhaps some way of saying that the "ou=2,dc=example,dc=com" in the target part must match

[389-users] Re: Limiting access to same ou

2018-11-28 Thread Mark Reynolds
On 11/27/18 8:15 PM, Alistair Cunningham wrote: On 28/11/2018 12:08, Mark Reynolds wrote: On 11/27/18 7:24 PM, Alistair Cunningham wrote: I've added these acis, but a telephone (with objectClass 'person') in tenant1 can still see people (with objectClass 'inetOrgPerson') in tenant2.

[389-users] Re: Limiting access to same ou

2018-11-27 Thread Alistair Cunningham
On 28/11/2018 12:08, Mark Reynolds wrote: On 11/27/18 7:24 PM, Alistair Cunningham wrote: I've added these acis, but a telephone (with objectClass 'person') in tenant1 can still see people (with objectClass 'inetOrgPerson') in tenant2. Presumably there needs to also be a blanket aci to forbid

[389-users] Re: Limiting access to same ou

2018-11-27 Thread Mark Reynolds
On 11/27/18 7:24 PM, Alistair Cunningham wrote: I've added these acis, but a telephone (with objectClass 'person') in tenant1 can still see people (with objectClass 'inetOrgPerson') in tenant2. Presumably there needs to also be a blanket aci to forbid all telephones from viewing other

[389-users] Re: Limiting access to same ou

2018-11-27 Thread Alistair Cunningham
I've added these acis, but a telephone (with objectClass 'person') in tenant1 can still see people (with objectClass 'inetOrgPerson') in tenant2. Presumably there needs to also be a blanket aci to forbid all telephones from viewing other tenants, that these tenant-specific allow acis then

[389-users] Re: Limiting access to same ou

2018-11-27 Thread Alistair Cunningham
On 27/11/2018 15:05, Mark Reynolds wrote: I see, thank you. In that case, what DN should I use instead of "cn=1234567890,ou=2,dc=integrics,dc=com" for this simpleSecurityObject? If no DN, how do I specify the simpleSecurityObject's username? You should add an objectclass that allows CN (or

[389-users] Re: Limiting access to same ou

2018-11-26 Thread Mark Reynolds
On 11/26/18 8:35 PM, Alistair Cunningham wrote: On 27/11/2018 12:32, Mark Reynolds wrote: On 11/26/18 7:44 PM, Alistair Cunningham wrote: Thank you, I'll give that a go. On a related topic, do you know why when I try to add a simpleSecurityObject, I get a 'attribute "cn" not allowed' error?

[389-users] Re: Limiting access to same ou

2018-11-26 Thread Alistair Cunningham
On 27/11/2018 12:32, Mark Reynolds wrote: On 11/26/18 7:44 PM, Alistair Cunningham wrote: Thank you, I'll give that a go. On a related topic, do you know why when I try to add a simpleSecurityObject, I get a 'attribute "cn" not allowed' error? $ cat 1234567890.ldif dn:

[389-users] Re: Limiting access to same ou

2018-11-26 Thread Mark Reynolds
On 11/26/18 7:44 PM, Alistair Cunningham wrote: Thank you, I'll give that a go. On a related topic, do you know why when I try to add a simpleSecurityObject, I get a 'attribute "cn" not allowed' error? $ cat 1234567890.ldif dn: cn=1234567890,ou=2,dc=integrics,dc=com objectClass:

[389-users] Re: Limiting access to same ou

2018-11-26 Thread Alistair Cunningham
Thank you, I'll give that a go. On a related topic, do you know why when I try to add a simpleSecurityObject, I get a 'attribute "cn" not allowed' error? $ cat 1234567890.ldif dn: cn=1234567890,ou=2,dc=integrics,dc=com objectClass: simpleSecurityObject userPassword: abcdef $ ldapadd -x -D

[389-users] Re: Limiting access to same ou

2018-11-26 Thread Olivier JUDITH
Hi, I'm using the Redhat documentation on this link https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html-single/plug-in_guide/index Regards Mon. 26 Nov. 2018 at 05:46, Alistair Cunningham wrote: > On 25/11/2018 11:44, Olivier JUDITH wrote: > > From my point of

[389-users] Re: Limiting access to same ou

2018-11-25 Thread Alistair Cunningham
On 25/11/2018 11:44, Olivier JUDITH wrote: From my point of view, the easiest way to solve this is to set a search filter on the OU corresponding to the tenant on each phone. Can you modify the software on the phone? Unfortunately not. The telephone handset firmware is written by various

[389-users] Re: Limiting access to same ou

2018-11-24 Thread Olivier JUDITH
Hi, From my point of view, the easiest way to solve this is to set a search filter on the OU corresponding to the tenant on each phone. Can you modify the software on the phone? The other way could be by creating a 389 plugin that adds a filter on the good OU regarding the DN of user which