LDAP Security
Ryan Golhar
golharam at umdnj.edu
Wed Apr 14 02:08:23 UTC 2004
Does anyone have any experience with LDAP? I have an LDAP server set up
to authenticate users. I want to allow certain users the ability to add
other users and change passwords. I don't want them to be able to
delete users. Right now, my slapd.conf file contains the following
ACLs:
#
# ACLs
#
access to dn=".*,ou=People,o=v12,o=UMDNJ,c=US"
        attr=userPassword
        by self write
        by dn="uid=root,ou=People,o=v12,o=UMDNJ,c=US" write
        by * auth

# allows admins to add users to "users" group
access to dn="cn=users,ou=Group,o=v12,o=UMDNJ,c=US"
        attr=memberUid
        by self write
        by dn="uid=root,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=golharam,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=kerrigje,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=kholodvl,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=byrne,ou=People,o=v12,o=UMDNJ,c=US" write
        by * read

# allows admins to add users
access to dn="ou=People,o=v12,o=UMDNJ,c=US"
        by self write
        by dn="uid=root,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=golharam,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=kerrigje,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=kholodvl,ou=People,o=v12,o=UMDNJ,c=US" write
        by dn="uid=byrne,ou=People,o=v12,o=UMDNJ,c=US" write
        by * read

access to dn=".*,o=v12,o=UMDNJ,c=US"
        by self write
        by dn="uid=root,ou=People,o=UMDNJ,c=US" write
        by * read

access to dn=".*,o=UMDNJ,c=US"
        by * read

defaultaccess read
-----
Ryan Golhar
Computational Biologist
The Informatics Institute at
The University of Medicine & Dentistry of NJ
Phone: 973-972-5034
Fax: 973-972-7412
Email: golharam at umdnj.edu