[SAC] Anonymous and authenticated binding to the LDAP

Howard Butler hobu at hobu.net
Sat Feb 10 14:48:23 EST 2007


After our firewall issues were fixed, I have been able to get our  
LDAP setup to allow anonymous authentication so that we do not have  
to have our cn=Manager binding throughout our setup.

I enabled these permissions on the LDAP:

access to attr=userPassword
         by self write
         by anonymous auth
         by users read

access to *
         by self write
         by users read
         by anonymous auth

This allows our authentication and HTTPAuth blocks to be as simple as  
(this is GDAL's Trac on test.osgeo.org):
>     <Location "/gdal/login">
>       AuthType Basic
>       AuthName "GDAL Trac"
>       AuthLDAPURL ldap:// 
> ou=people,dc=osgeo,dc=org?uid?sub?(objectClass=*)
>       require group cn=gdal,ou=svn,dc=osgeo,dc=org
>     </Location>

Can you confirm that I didn't just open up our LDAP to read/write to  
the entire world and that this looks ok?
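
An added example, not part of the original message: a small Python model of how slapd evaluates ACLs (first matching `access to` clause, then first matching `by` clause, implicit `by * none`), run over the two ACLs quoted above to show the effective access for each kind of requester. It models only the `self`, `users`, `anonymous` and `*` who-clauses; the function names and the `mail` sample attribute are assumptions made for the illustration.

```python
import re

# OpenLDAP access levels, lowest to highest ("disclose" and "manage" left out).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two ACLs from the message, copied verbatim.
ACL_TEXT = """
access to attr=userPassword
         by self write
         by anonymous auth
         by users read

access to *
         by self write
         by users read
         by anonymous auth
"""

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    acls = []
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"access to (\S+)", line):
            acls.append((m.group(1), []))
        elif m := re.fullmatch(r"by (\S+) (\S+)", line):
            acls[-1][1].append((m.group(1), m.group(2)))
    return acls

def who_matches(who, requester, is_self):
    """requester is 'anonymous' or 'bound' (any successfully authenticated DN)."""
    return {"*": True,
            "anonymous": requester == "anonymous",
            "users": requester == "bound",
            "self": requester == "bound" and is_self}.get(who, False)

def effective_access(acls, attr, requester, is_self=False):
    """First matching <what>, then first matching <who>; otherwise implicit 'by * none'."""
    for what, rules in acls:
        if what == "*" or what == "attr=" + attr:
            return next((lvl for who, lvl in rules
                         if who_matches(who, requester, is_self)), "none")
    return "none"

def allows(level, needed):
    """True if the granted level includes the needed one."""
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    for attr in ("userPassword", "mail"):  # "mail" is a constructed sample attribute
        for requester, is_self in (("anonymous", False), ("bound", False), ("bound", True)):
            lvl = effective_access(acls, attr, requester, is_self)
            print(f"{attr:13} {requester:9} self={is_self!s:5} -> {lvl}")
```

Under this model an anonymous client gets `auth` on every attribute, which is below `read` and `write`, while any bound user gets `read` on the `userPassword` attribute of other entries.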



