[Fedora-directory-users] ACI help
John A. Sullivan III
jsullivan at opensourcedevel.com
Mon Jan 5 10:41:41 UTC 2009
On Mon, 2009-01-05 at 00:23 -0700, James Chavez wrote:
> Hello,
>
> I am using FDS as a replacement for NIS for user authentication and
> group and host entries.
>
> I am looking to allow anonymous searches of the directory but to
> disallow the visibility of the userPassword attribute.
>
> I would like to allow access to the userPassword attribute to only the
> user that is authenticating to the directory for logins.
>
> I have read the ACI chapter on the Directory services Administrator's
> guide but I am still struggling a bit.
>
<snip>
We deleted the anonymous access rule so I don't have it in front of me
but I believe it defaults to not allowing access to the userPassword
attribute. I don't have an idm-console handy but I believe you can
check by right clicking on your top level container, viewing the ACIs,
selecting the anonymous access, going to the attribute tab, clicking on
the attribute column header to sort alphabetically and scrolling toward
the end. See if the usePassword attribute is unchecked. If not,
uncheck it. If you have enabled SAMBA extensions, you may also want to
uncheck the NTPassword and, oops! - forgot the other one but something
like LMPassword. Hope this helps - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
More information about the Fedora-directory-users
mailing list