[Fedora-directory-users] Anonymous bind with restrictive ACIs

Pete Rowley prowley at redhat.com
Tue Aug 22 18:30:37 UTC 2006


Adams, Samuel D Contr AFRL/HEDR wrote:

> Does anyone know what the minimum set of attributes are that need to 
> be anonymously readable and still allow the OpenLDAP PAM client to 
> authenticate? 
>
> I tried to lock it down to only allow username, but that was too 
> restrictive.  Now I just have it restricting only the userPassword, 
> but I think there is room for further tightening. 
>
I don't know offhand but you can either look in the logs for the 
request, or use ethereal to sniff the packets to get the attributes 
requested. Perhaps you forgot to allow access to objectclass?

-- 
Pete
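
The log approach suggested in the reply above, as an added example that is not part of the original thread: a short Python script that reads a Fedora Directory Server access log and lists which attributes clients used in search filters and asked to read while the connection was anonymous. The log lines are a constructed sample and the function name `anonymous_attr_usage` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Directory Server access-log format.
SAMPLE_LOG = '''\
[22/Aug/2006:14:30:37 -0400] conn=12 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[22/Aug/2006:14:30:37 -0400] conn=12 op=0 BIND dn="" method=128 version=3
[22/Aug/2006:14:30:37 -0400] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[22/Aug/2006:14:30:37 -0400] conn=12 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=sam))" attrs="uid userPassword uidNumber gidNumber homeDirectory loginShell"
[22/Aug/2006:14:30:38 -0400] conn=12 op=2 BIND dn="uid=sam,ou=People,dc=example,dc=com" method=128 version=3
[22/Aug/2006:14:30:38 -0400] conn=12 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(memberUid=sam)" attrs="cn gidNumber"
[22/Aug/2006:14:30:39 -0400] conn=13 op=0 SRCH base="ou=Group,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(gidNumber=500))" attrs=ALL
'''

OP = re.compile(r'conn=(\d+) op=\d+ (BIND|SRCH) (.*)')
BIND_DN = re.compile(r'dn="([^"]*)"')
FILTER = re.compile(r'filter="([^"]*)"')
ATTRS = re.compile(r'attrs=(?:"([^"]*)"|(\S+))')
FILTER_ATTR = re.compile(r'\(([A-Za-z][\w;.-]*)(?:=|~=|>=|<=)')


def anonymous_attr_usage(log_text):
    """Return attributes anonymous clients searched on and asked to read."""
    # conn -> current bind DN; "" means anonymous, which is also the state
    # of a connection that never sent a BIND.
    bound_dn = defaultdict(str)
    usage = {"search": set(), "read": set()}
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if op == "BIND":
            # Simplification: the BIND is assumed to have succeeded.
            dn = BIND_DN.search(rest)
            bound_dn[conn] = dn.group(1) if dn else ""
        elif bound_dn[conn] == "":
            f = FILTER.search(rest)
            if f:
                usage["search"].update(a.lower() for a in FILTER_ATTR.findall(f.group(1)))
            a = ATTRS.search(rest)
            if a:
                names = (a.group(1) or a.group(2)).split()
                usage["read"].update(n if n == "ALL" else n.lower() for n in names)
    return usage


if __name__ == "__main__":
    for right, names in anonymous_attr_usage(SAMPLE_LOG).items():
        print(right, sorted(names))
```

Attributes in the `search` set need the search right in the anonymous ACI and those in the `read` set need read; `ALL` marks a request that carried no explicit attribute list.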
