[389-users] ACI and authenticating clients/servers

Matti Alho listat at alho.fi
Tue Sep 18 07:47:42 UTC 2012


Hi,

First, big thanks to all the people developing and maintaining 389ds! I've 
been learning LDAP for a while and there is one question which I haven't 
been able to figure out.

There are a bunch of Debian servers authenticating against 389ds. I 
started with anonymous bind to get the basic setup working. Now I would 
like to limit access to 389ds. What is the best/recommended way to 
achieve this? I have stuff under ou=Groups,dc=domain,dc=com (e.g. 
ou=Sales,ou=Groups,dc=domain,dc=com) which I don't want to be visible 
to clients/servers.

* Create an entry under people ou=People,dc=domain,dc=com and use that 
for credentials on all servers? Create an ACI based on this?
* Create e.g. ou=Servers,dc=domain,dc=com, put an entry there for each 
server separately and create an ACI based on this?

Thanks for answering my probably simple question!

Mr. Matti Alho


