Tightening Up OpenLDAP slapd

August 24th, 2009

I'm working on LDAP now, and just realized some of the changes I made yesterday made my primary LDAP server too tight.

To be able to login via phpldapadmin, I had to add this to my slapd.conf:

access to attrs=entry,cn by anonymous read

I'm also reading up on Ruby's LDAP extension. Like many ruby libraries, it looks very good!

UPDATE: slapd.conf needed more to it that the above. After adding the above, other users were getting no results for their subtree searches. Access control in slapd.conf depends upon the order in which rules are listed. Additionally, it appears that rules can only be listed once. I've updated the access rules to only allow anonymous access to certain subtrees, read access to everything by a replicating user, and the rest remains the same. I'm specifying the user, but I may use this instead:

access to attrs=entry,cn by anonymous read

"SEARCH RESULT tag=101 err=32 nentries=0 text=" That's the error I was getting at first. After switching to loglevel 128 (access control processes), I was able to determine that was the problem.

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022