[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: openldap acl question

To: luci-discuss@luci.org, silug-discuss@silug.org
Subject: Re: openldap acl question
From: bob@evilkat.com
Date: Fri, 10 Dec 2004 16:41:49 -0600
In-Reply-To: <20041210132314.A17439@katspit.evilkat.com>; from bob@evilkat.com on Fri, Dec 10, 2004 at 01:23:14PM -0600
Organization: Linux Users of Central Illinois
References: <20041210132314.A17439@katspit.evilkat.com>
Reply-To: luci-discuss@luci.org
Sender: luci-discuss-owner@luci.org
User-Agent: Mutt/1.2.5.1i

On Fri, Dec 10, 2004 at 01:23:14PM -0600, bob@evilkat.com wrote:
> The end result is that the machine and admin accounts can see the right 
> structure but when I click on a user account with gq it errors out badly 
> with a complaint about not being able to contact the schema server. Also
> doing ldapsearch's nothing is returned.  I believe I need an acl to allow
> for those accounts to see the schema behind the entries.  Any help or 
> comments on this would be greatly appreciated. 

well i still would appreciate any comments on my acl design or thoughts on 
ways to make it better but with a slight change I now have results out of
ldapsearch using the admin and machine accounts.  I was missing a break 
statement on the end of each rule that governed the users attributes.  I 
believe that it was stopping with the entry match and not showing any 
attributes to the client (so it couldn't match cn=* or any other search).
Gq still dies miserably on a schema error so it's less than helpful.  Any
thoughts are appreciated.

Bob

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

References:
- openldap acl question
  - From: bob@evilkat.com

Prev by Date: Tools and Techniques
Next by Date: Re: Tools and Techniques
Prev by thread: openldap acl question
Next by thread: Telemarketers and your Cell Phones
Index(es):
- Date
- Thread