[turba] Re: ldap config so users can edit their own address book

Lucius Junevicus ljunevicus at delphinus.com
Wed Mar 12 11:10:40 PST 2003


Thanks I'll try this.

I'm not sure how the bind_password => Auth::getCredential('password') works
in regards to the slapd.conf file.

I assume it tries to bind with the user's password, but I'm not sure how
openldap knows that this password is something it can use. The root ldap
password is specified in the slapd.conf file, but I don't have the user's
passwords specified in that file.  How does that work?

Still a beginner with ldap.

Thanks.



"Amith Varghese" <amith at xalan.com> wrote in message
news:1047403078.e795987794286 at amith.xalan.com...
> > The array(Auth::getAuth()) seems to allow me to edit everyone's address.
>
> I have this, but the difference between my entry and yours is the following:
>
> 'root' => 'ou=' . Auth::getAuth() . ',ou=Personal Address Book,dc=mydomain,dc=com',
> 'bind_dn' => 'uid=' . Auth::getAuth() . ',ou=People,dc=mydomain,dc=com',
> 'bind_password' => Auth::getCredential('password'),
>
> That way only the person logged in can access their own address book based on
> how the root and bind_dn are constructed.  Not pretty but it works well.
>
> >
> > This is the access part of my slapd.conf file
> > access to dn=".*,ou=users,o=ourcompany"
> >   by self write
> >   by dn="cn=userAdmin,o=ourcompany" write
> >   by anonymous read
>
> To back this up with ACLs I do the following
>
> access to dn="ou=(.*),ou=Personal Address Book,dc=mydomain,dc=com"
>         by dn="uid=$1,ou=People,dc=mydomain,dc=com" write
>         by * none
>
> This enforces it within OpenLDAP so clients connecting with other clients can
> view/edit someone else's address book.
>
> Amith
>
>
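Added example, not part of the original posts: a simplified Python model of the quoted `access to dn="ou=(.*),ou=Personal Address Book,..."` rule, showing how the captured `$1` ties each address-book subtree to a single bind DN. It is not slapd's implementation; the uids (alice, mallory) are constructed, and treating both DN patterns as unanchored regexes with first-match-wins evaluation is an assumption of the model.

```python
import re

# Simplified model of the quoted rule, not slapd's own logic. Assumptions:
# both DN patterns are unanchored regexes, the first matching "by" clause
# wins, and an entry matching no "access to" rule gets no access.
TARGET = r"ou=(.*),ou=Personal Address Book,dc=mydomain,dc=com"
BY = [("uid=$1,ou=People,dc=mydomain,dc=com", "write"), ("*", "none")]


def normalize(dn):
    """Crude DN normalization: trim spaces around RDNs and lowercase."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def access(target_dn, bound_dn=None):
    """Access level for bound_dn (None = anonymous bind) on target_dn."""
    m = re.search(normalize(TARGET), normalize(target_dn))
    if m is None:
        return "none"
    for who, level in BY:
        if who == "*":
            return level
        # $1 becomes the ou captured from the target DN (the book's owner).
        pattern = normalize(who).replace("$1", re.escape(m.group(1)))
        if bound_dn is not None and re.search(pattern, normalize(bound_dn)):
            return level
    return "none"


if __name__ == "__main__":
    # Constructed DNs; alice and mallory are made-up uids.
    book = ",ou=Personal Address Book,dc=mydomain,dc=com"
    alice = "uid=alice,ou=People,dc=mydomain,dc=com"
    mallory = "uid=mallory,ou=People,dc=mydomain,dc=com"
    print(access("cn=Bob,ou=alice" + book, alice))      # owner
    print(access("cn=Bob,ou=alice" + book, mallory))    # another user
    print(access("cn=Bob,ou=alice" + book))             # anonymous
    # A nested ou makes the greedy (.*) capture "friends,ou=alice",
    # so $1 no longer names the owner and the rule denies the request.
    print(access("cn=Bob,ou=friends,ou=alice" + book, alice))
```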




