Summary: | Some issues with LDAP ACLs | |
---|---|---|---
Product: | [OLD] Docs-user | Reporter: | Sven Vermeulen (RETIRED) <swift>
Component: | Other | Assignee: | Sven Vermeulen (RETIRED) <swift>
Status: | RESOLVED WONTFIX | |
Severity: | normal | CC: | docs-team
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | All | |
URL: | http://www.gentoo.org/doc/en/ldap-howto.xml | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Description
Sven Vermeulen (RETIRED)
2005-01-11 09:45:16 UTC
After lots of investigation, I have to say I don't think it's needed. When binddn isn't set, it uses an anonymous connection to the LDAP server. All ACLs allow anonymous connections to authenticate. The issue is that running whoami will do an anonymous query for the username, and this is indeed disallowed by the ACL, but that's the admin's decision. If he wants to allow this querying, use

    access to attrs=uid,uidNumber,gidNumber by anonymous read
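
The behaviour described in the comment above (anonymous may authenticate, but an anonymous lookup of uid is refused until the extra clause is added) can be checked with a small model of slapd's first-match ACL evaluation. This is an added example, not part of the bug report or the Gentoo howto; the sample ACL lines in `BASE` are constructed, and only `attrs=` and `*` targets are modelled.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Assumption: only "attrs=<list>" and "*" targets and the <who> terms
# anonymous, users, self and * are modelled; the sample ACLs are constructed.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# Which requester kinds each <who> term covers ("user" = authenticated, not owner).
WHO = {"*": {"anonymous", "user", "self"}, "anonymous": {"anonymous"},
       "users": {"user", "self"}, "self": {"self"}}

def parse_acl(line):
    """Turn 'access to <what> by <who> <level> ...' into (attrs, [(who, level)])."""
    tok = line.split()
    if (tok[:2] != ["access", "to"] or len(tok) < 6 or (len(tok) - 3) % 3
            or set(tok[3::3]) != {"by"}):
        raise ValueError("unsupported ACL: " + line)
    what = tok[2]
    if what != "*" and not what.startswith("attrs="):
        raise ValueError("unsupported target: " + what)
    attrs = None if what == "*" else {a.lower() for a in what[6:].split(",")}
    return attrs, [(tok[i + 1], tok[i + 2]) for i in range(3, len(tok), 3)]

def granted(acl_lines, requester, attr):
    """Level granted: first clause matching attr, then first matching <who>."""
    for attrs, by in map(parse_acl, acl_lines):
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in by:
            if requester in WHO.get(who, set()):
                return level
        return "none"  # every clause ends with an implicit "by * none"
    return "none"      # implicit final "access to * by * none"

def allows(acl_lines, requester, attr, needed):
    """True if the granted level is at least the needed one."""
    return LEVELS.index(granted(acl_lines, requester, attr)) >= LEVELS.index(needed)

# Constructed ACLs in the usual howto style: anonymous may only authenticate.
BASE = [
    "access to attrs=userPassword by self write by anonymous auth by * none",
    "access to * by self write by users read by anonymous auth",
]
RULE = "access to attrs=uid,uidNumber,gidNumber by anonymous read"
BEFORE = [BASE[0], RULE, BASE[1]]  # clause placed ahead of the catch-all
AFTER = BASE + [RULE]              # clause placed after it: never reached

if __name__ == "__main__":
    for name, acl in (("BASE", BASE), ("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, "anonymous uid ->", granted(acl, "anonymous", "uid"))
```

In this model the clause only takes effect when it precedes the catch-all `access to *` rule, and because of the implicit `by * none` it grants nothing on those three attributes to authenticated users unless further `by` terms are listed.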