>>> Stefan Kania wrote on 15.12.2022 at 18:55 in
message <4c04e864-2b72-c9d2-96b9-036c11f58...@kania-online.de>:
>
> On 15.12.22 at 17:56, Quanah Gibson-Mount wrote:
>>
>>
>> --On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania
>> wrote:
>>
>>> --
>>> dn: cn=config
>
On 15.12.22 at 17:56, Quanah Gibson-Mount wrote:
--On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania
wrote:
--
dn: cn=config
changetype: modify
replace: olcAuthzpolicy
olcAuthzpolicy: any
--
Since you only need it to be possible for the lloadd user to a
--On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania
wrote:
--
dn: cn=config
changetype: modify
replace: olcAuthzpolicy
olcAuthzpolicy: any
--
Since you only need it to be possible for the lloadd user to assume other
identities, I'd use a policy of 'to' in
On 15.12.22 at 16:38, Ondřej Kuzník wrote:
Should be authzTo if you're adding it to the lloadd's identity, are you
sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to
dc=example,dc=net and the uid attribute on the subtree?
Thank you for the push in the right direction
I added an
On Thu, Dec 15, 2022 at 03:02:00PM +0100, Stefan Kania wrote:
> --
> dn: cn=config
> changetype: modify
> replace: olcAuthzpolicy
> olcAuthzpolicy: any
> --
> Or do I have to set it inside the database for my object?
This is a global setting so that's the correct place.
>
On 15.12.22 at 14:24, Ondřej Kuzník wrote:
It's not possible inside lloadd but when lloadd uses an identity A and a
client binds with identity B, then sends an operation to it, what the
backend receives is an operation with proxyauthz carrying B over a
connection bound to A. If authz-policy sa
On Thu, Dec 15, 2022 at 01:43:41PM +0100, Stefan Kania wrote:
> On 15.12.22 at 13:10, Ondřej Kuzník wrote:
>> Hi Stefan,
>> the backends are refusing the lloadd's identity (in your case
>> uid=lloadd,ou=users,dc=example,dc=net) the permission to act as a proxy
>> for the users in question. You sho
On 15.12.22 at 13:10, Ondřej Kuzník wrote:
On Wed, Dec 14, 2022 at 09:20:14PM +0100, Stefan Kania wrote:
I now took the example configuration and changed it to my settings:
-
feature proxyauthz
bindconf bindmethod=simple
binddn=uid=lloadd,ou=users,dc=example,dc=
On Wed, Dec 14, 2022 at 09:20:14PM +0100, Stefan Kania wrote:
> I now took the example configuration and changed it to my settings:
>
> -
> feature proxyauthz
> bindconf bindmethod=simple
> binddn=uid=lloadd,ou=users,dc=example,dc=net
> -
>
> The b
I now took the example configuration and changed it to my settings:
-
TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem
TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem
TLSCACertificateFile /opt/symas/etc/openldap/cacert.pem
pidfile /var/