[SAC] Re: Anonymous and authenticated binding to the LDAP
Howard Butler
hobu at iastate.edu
Sat Feb 10 15:12:36 EST 2007
Check that, only these permissions seem to work:
> access to *
>     by self write
>     by users read
>     by anonymous auth
Howard
On Feb 10, 2007, at 1:48 PM, Howard Butler wrote:
> Shawn,
>
> After our firewall issues were fixed, I have been able to get our
> LDAP setup to allow anonymous authentication so that we do not have
> to have our cn=Manager binding throughout our setup.
>
> I enabled these permissions on the LDAP:
>
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by users read
>
> access to *
>     by self write
>     by users read
>     by anonymous auth
>
> This allows our authentication and HTTPAuth blocks to be as simple
> as (this is GDAL's Trac on test.osgeo.org):
>> <Location "/gdal/login">
>> AuthType Basic
>> AuthName "GDAL Trac"
>> AuthLDAPURL ldap://66.223.95.242:389/ou=people,dc=osgeo,dc=org?uid?sub?(objectClass=*)
>> require group cn=gdal,ou=svn,dc=osgeo,dc=org
>> </Location>
>
> Can you confirm that I didn't just open up our LDAP to read/write
> to the entire world and that this looks ok?
>
> Thanks
>
> Howard
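
The question in the thread can be checked offline with a small model of slapd's first-match ACL evaluation. This is an added example, not part of the original messages and not OpenLDAP code; the DNs are constructed, and `TIGHTER` is a comparison variant assumed here, not a rule set from the thread.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

POSTED = """access to *
    by self write
    by users read
    by anonymous auth"""            # the ACL from the reply above

# Comparison variant (assumption, not from the thread): password rule first.
TIGHTER = """access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
""" + POSTED

def parse_acl(text):
    """Turn 'access to <what>' / 'by <who> <level>' lines into ordered rules."""
    rules = []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["access", "to"]:
            rules.append((tok[2], []))
        elif tok[:1] == ["by"] and rules:
            rules[-1][1].append((tok[1], tok[2]))
    return rules

def who_matches(who, requester, entry_dn):
    """requester is None for an anonymous bind, otherwise the bound DN."""
    return {"*": True, "anonymous": requester is None,
            "users": requester is not None,
            "self": requester is not None and requester == entry_dn}.get(who, False)

def access(acl_text, requester, entry_dn, attr):
    """First 'access to' matching the attribute wins; inside it, first 'by' wins."""
    for what, by_list in parse_acl(acl_text):
        key, _, names = what.partition("=")
        if what == "*" or (key in ("attr", "attrs") and attr.lower() in names.lower().split(",")):
            for who, level in by_list:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"          # implicit trailing 'by * none'
    return "none"                  # no rule matched the attribute

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

ALICE = "uid=alice,ou=people,dc=osgeo,dc=org"   # constructed sample DNs
BOB = "uid=bob,ou=people,dc=osgeo,dc=org"
```

Under this model an anonymous bind gets only `auth` on every attribute, while any authenticated user gets `read` on other entries' `userPassword`; the comparison variant returns `none` for that case and leaves the rest unchanged.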