directory-dev mailing list archives

From Shawn McKinney <smckin...@apache.org>
Subject Re: [jira] [Commented] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly
Date Mon, 27 Apr 2015 14:25:17 GMT

> On Apr 27, 2015, at 8:39 AM, Emmanuel Lecharny (JIRA) <jira@apache.org> wrote:
> 
> 
> Any ACL set ?
> 
> Also what would be useful is to have the OpenLDAP logs (filter, stats, ACL)

Yes, ACLs could be the problem.  I’m still learning how Docker works and must admit that
I don’t know how to navigate inside the container to find the settings.

Below are the ACLs that typically would be set on OpenLDAP for Fortress.  Nothing much
going on there.  Once I figure out how to look inside the fishbowl I’ll report back here.

### ACLs
access to dn="" by * read
access to *
	by self write
	by users read
	by anonymous auth
	by sockurl="^ldapi:///$" write

### This one allows user to modify their own password (needed for pw policies):
### This also allows user to modify their own ftmod attributes (needed for audit):
access to attrs=userpassword
         by self write
         by * auth

### Must allow access to dn.base to read supported features on this directory:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
	by self write
	by anonymous auth

### Disable null base search of rootDSE
### This disables auto-discovery capabilities of clients.
# Changed -> access to dn.base="" by * read <- to the following:
access to dn.base=""
     by * none
password-hash {SSHA}


Shawn
smckinney@apache.org

