Re: [Evolution] Evolution LDAP authentification



On Tue, 2001-11-27 at 18:52, Yatin Chawathe wrote:
It would be helpful to have two modes of operation: the "regular user"
mode where they type in their email address for authentication, and
the "advanced user" mode which expects the raw DN.

I have actually been able to configure my LDAP server with limited
anonymous read access (only some of the fields in the authentication
record are publicly readable).  Of course this works only if there are
just a handful of users that have authenticated access.  Here is the
relevant portion of my slapd.conf:

# Allow access to the Manager record only to the Manager
access to dn="cn=Manager,dc=chawathe,dc=com"
        by self write
        by * none

# Allow everyone to read enough fields of the authentication record(s)
# to initiate the authentication process
# Many email/LDAP clients perform authentication based on the value of
# the "mail" entry in the authentication record. That's why they need
# read access to some of the entries in the record
access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
        attr=entry,dn,objectClass,cn,mail
        by self write
        by * read

# Everyone needs auth permission for the record(s) as well
# This allows enough permission to verify
# the client's password
access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
        by self write
        by * auth

# Evo needs permission to read this to access the schema
access to dn="cn=Subschema"
        by self write
        by * read

# The default access permissions
access to *
        by dn="cn=Manager,dc=chawathe,dc=com" write
        by dn="cn=Yatin Chawathe,dc=chawathe,dc=com" write
        by * none

Hope this helps,

Yep, it did! Thanks for these conf tips, and thanks to Chris for his LDAP
work in Ev too.
And I totally agree with you that allowing two auth. methods (DN and
mail attribute) would be a great feature, because I don't think that
every end user would be able to tweak his LDAP server config!
 
-- 
------------------------------------------------------------
Vincent Frison                     |               Ohm Force
System Administrator               |  Digital Audio Software
mailto:vincent frison ohmforce com | http://www.ohmforce.com
------------------------------------------------------------
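
Added example (not part of either message, and not OpenLDAP code): a small Python model of the quoted slapd.conf ACLs, showing which access level an anonymous or authenticated client ends up with per entry and attribute. It assumes exact, case-insensitive DN comparison, that the first matching "access to" clause is used, that the first matching "by" clause decides, and that every clause ends with an implicit "by * none"; the "Some Contact" entry is constructed.

```python
# Constructed model of the ACLs posted above; not OpenLDAP code.
# Assumptions: DNs compare exactly (case-insensitive), first matching
# "access to" clause wins, first matching "by" wins, implicit "by * none".
MANAGER = "cn=Manager,dc=chawathe,dc=com"
YATIN = "cn=Yatin Chawathe,dc=chawathe,dc=com"
PUBLIC_ATTRS = {"entry", "dn", "objectclass", "cn", "mail"}

# (target DN or None for "*", attribute set or None for all, [(who, level)])
ACLS = [
    (MANAGER, None, [("self", "write"), ("*", "none")]),
    (YATIN, PUBLIC_ATTRS, [("self", "write"), ("*", "read")]),
    (YATIN, None, [("self", "write"), ("*", "auth")]),
    ("cn=Subschema", None, [("self", "write"), ("*", "read")]),
    (None, None, [(MANAGER, "write"), (YATIN, "write"), ("*", "none")]),
]


def same_dn(a, b):
    return a is not None and b is not None and a.lower() == b.lower()


def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return same_dn(bound_dn, entry_dn)
    return same_dn(who, bound_dn)


def access(bound_dn, entry_dn, attr):
    """Return the level granted to bound_dn (None = anonymous) on entry_dn/attr."""
    for target, attrs, by_clauses in ACLS:
        if target is not None and not same_dn(target, entry_dn):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue  # attribute not listed: fall through to the next clause
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"  # no clause matched at all


if __name__ == "__main__":
    other = "cn=Some Contact,dc=chawathe,dc=com"  # constructed sample entry
    for who in (None, YATIN):
        for dn, attr in ((YATIN, "mail"), (YATIN, "userPassword"),
                         (MANAGER, "userPassword"), (other, "mail")):
            print(f"{who or 'anonymous':40} {dn:40} {attr:13} {access(who, dn, attr)}")
```

In this model an anonymous client can read only the listed attributes of the one authentication record, gets "auth" (bind check only, no read) on everything else in that record, and gets nothing on any other entry.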




