3 Sep 17:45
default access in ACLs, and how to prevent it?
From: Ric <relentless@...>
Subject: default access in ACLs, and how to prevent it?
Newsgroups: gmane.comp.ldap.umich
Date: 2008-09-03 15:49:05 GMT
I'm working on learning & setting up ACLs. My goal is to /not/ have anything set by default, deny all, and step-by-step allow each required access.

In slapd.conf, I've defined security/ACLs as:

    security ssf=256 update_ssf=256 tls=256 update_tls=256 simple_bind=256
    ...
    access to *
        by tls_ssf=256 peername.ip=127.0.0.1 break
        by tls_ssf=256 peername.ip=10.0.1.0%255.255.255.0 break
    access to dn.exact="uid=system,ou=System,dc=domain,dc=com" attrs=userPassword
        by ssf=256 self =x
        by * none
    access to *
        by * none

When I test with:

    ldapsearch -LLL -ZZZ -x -W -D 'uid=system,ou=System,dc=domain,dc=com' -H ldap://domain.com:389 -b "" -s base '(objectclass=*)' +
    Enter LDAP Password:

I get: