Hello everyone. I need to admit that I am pretty new to Apache Directory Server/Studio. I am trying to set up an instance of Apache Directory Server to use it as an authentication server for several applications (websites, portal, devices, etc.) we run in my company.

I created a tree with o=companyname, ou=users that contains all my users. The authentication works correctly with an anonymous bind from a web application: I set up the LDAP server IP and port, base DN and the mapping between the username in a test web application and the relevant attribute in the directory server (in this case, uid).

Now I would like to disable anonymous bind and force the test web application (and any other auth client) to log in with a so-called "service account" (I hope the terminology is correct; I mean an account that identifies a specific service/application), without using the main admin credentials. So I disabled the anonymous bind and created another ou (o=companyname, ou=serviceAccounts) to be populated with app identifiers (objectClasses: applicationProcess, simpleSecurityObject).

Now I would like to understand how to grant these service accounts the proper permissions (e.g. the ability to authenticate users and nothing else) using AD Studio. I used OpenLDAP a little bit in the past and there this would probably be accomplished with some kind of olcAccess statement in an LDIF. I think I could probably use the same approach here (creating an LDIF file and importing it) but, since I would like to master AD Studio, I would love someone to give me hints or point me to a nice tutorial (I found a few out there, but they all focus on the user/group create/edit operations). Thanks in advance for reading all of this. SB
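
The following is an added example, not part of the original post and not an answer from the thread: one way to express "this service account may look up users and nothing else" in ApacheDS, which uses X.501-style ACI subentries (attribute prescriptiveACI) instead of OpenLDAP's olcAccess. It assumes the partition root o=companyname, a service account named cn=webapp1 under ou=serviceAccounts, and the user tree ou=users from the post; the password value is a placeholder. The LDIF can be imported in Apache Directory Studio (File > Import > LDIF into Directory) or with ldapmodify while bound as uid=admin,ou=system. Access control is disabled by default in ApacheDS and must be switched on in the server configuration (Studio: "Enable Access Control" in the configuration editor, stored as ads-accessControlEnabled in ou=config); until it is on, these ACIs are ignored and any authenticated account can read and write everything, and once it is on, non-admin accounts get nothing that an ACI does not grant.

```ldif
# Added example, not code from the original post. Assumed names: partition root
# o=companyname, service account cn=webapp1, user subtree ou=users.

# 1. The service account the web application binds with. applicationProcess
#    requires cn, simpleSecurityObject requires userPassword.
dn: cn=webapp1,ou=serviceAccounts,o=companyname
changetype: add
objectClass: top
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: webapp1
description: bind account for the test web application (placeholder password below)
userPassword: change-me-to-a-long-random-secret

# 2. Turn the partition root into an access-control administrative point,
#    so ACI subentries placed directly beneath it take effect for the subtree.
dn: o=companyname
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

# 3. ACI subentry scoped to ou=users. First value: webapp1 may read, browse and
#    get DNs of user entries (enough for the usual "search uid, then bind as the
#    found DN" flow). No grantAdd/grantModify/grantRemove, so writes are refused.
#    Second value, higher precedence: deny reading/comparing userPassword, so a
#    compromised service account cannot dump password hashes.
dn: cn=webapp1ReadUsers,o=companyname
changetype: add
objectClass: top
objectClass: subentry
objectClass: accessControlSubentry
cn: webapp1ReadUsers
subtreeSpecification: { base "ou=users" }
prescriptiveACI: { identificationTag "webapp1ReadUsers", precedence 10, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "cn=webapp1,ou=serviceAccounts,o=companyname" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }
prescriptiveACI: { identificationTag "webapp1NoPasswordRead", precedence 20, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "cn=webapp1,ou=serviceAccounts,o=companyname" } }, userPermissions { { protectedItems { attributeType { userPassword } }, grantsAndDenials { denyRead, denyCompare } } } } }
```

To check the result in Studio, open a second connection bound as cn=webapp1,ou=serviceAccounts,o=companyname: a search under ou=users should return entries with uid but no userPassword value, any attempt to modify an entry there should be rejected, and a connection with no credentials should fail to bind (since anonymous access is already disabled). The user's own simple bind is still evaluated by the server against the stored userPassword, so the deny on reading that attribute does not interfere with authentication. If the application authenticates by a compare operation on userPassword instead of binding as the user, drop denyCompare from the second ACI.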
