[Samba] "ldap passwd sync" not working - SOLVED
Guenther Deschner
gd at samba.org
Sat Feb 5 20:33:29 GMT 2005
Hi,
On Sat, Feb 05, 2005 at 11:33:39PM +0300, Alexander Zubkov wrote:
> Yeah! I did it, thanks to all who helped.
> Searching for "rootDSE" on the Internet showed that it is exported by the LDAP
> server like other data (in common words), so access controls are applied to
> it too. And my hands ( lame ;) ) wrote at the end of slapd.conf:
> access dn=".*,dc=domain,dc=my" by * read
> But rootDSE is, of course, not a subtree of this! And LDAP, honestly, denied
> access to it. So the solution was:
> access to * by * read
It is much better to set
access to dn.base="" by * read
to avoid opening a potential security gap. The above ACL only allows
world-read access to the root-dse and not to all other non-matched content
of your entire DIT.
Thanks,
Guenther
--
Guenther Deschner Samba Team
SerNet GmbH - Goettingen gd at samba.org
gd at sernet.de
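
Added example, not part of the original message and not Samba's or OpenLDAP's own configuration: a slapd.conf ACL fragment that puts the catch-all rule from the thread beside a scoped rule set built around the dn.base="" rule. The password attribute list and the "by users read" policy are assumptions for a Samba-backed directory; the suffix dc=domain,dc=my is the one used in the thread.

```conf
# slapd.conf ACL fragment (constructed example).
# Clauses are evaluated top to bottom: the first "access to" whose <what>
# matches is used, and inside it the first matching "by" decides.

# Too broad: everything not matched by an earlier clause becomes
# world-readable, including anonymous binds.
#access to * by * read

# 1. Password material first, so no later clause can expose it.
#    (Attribute list is an assumption for a Samba setup.)
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by self write
        by anonymous auth
        by * none

# 2. The rootDSE is the entry with the empty DN. dn.base="" matches that
#    one entry only, not the entries below the suffix.
access to dn.base=""
        by * read

# 3. The directory tree itself: authenticated users only.
#    (Policy is an assumption; adjust to the site's needs.)
access to dn.subtree="dc=domain,dc=my"
        by users read
        by * none

# Anything that matched no clause above is denied by slapd.

# Check after restarting slapd (anonymous simple bind):
#   ldapsearch -x -s base -b "" "(objectClass=*)" namingContexts
#       -> should return the rootDSE
#   ldapsearch -x -b "dc=domain,dc=my" "(objectClass=*)"
#       -> should return no entries
```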