[389-users] ACL doesn't works
Patrick Morris
patrick.morris at hp.com
Tue Sep 25 18:16:20 UTC 2012
On 9/25/2012 11:07 AM, Satish Patel wrote:
> This is what i got in access logs.
>
>
> [25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection
> from 10.101.100.236 to 10.10.52.10
> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 SRCH
> base="dc=example,dc=com" scope=2
> filter="(&(uid=test4)(objectClass=person))" attrs="1.1"
> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
> [25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection
> from 10.101.100.236 to 10.10.52.10
> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 UNBIND
> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 fd=75 closed - U1
> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 BIND
> dn="uid=test4,ou=People,dc=example,dc=com" method=128 version=3
> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="uid=test4,ou=people,dc=example,dc=com"
> [25/Sep/2012:14:04:36 -0400] conn=498 op=1 UNBIND
>
>
>
>
>
>
> On Tue, Sep 25, 2012 at 1:46 PM, Grzegorz Dwornicki <gd1100 at gmail.com
> <mailto:gd1100 at gmail.com>> wrote:
>
> Can you provide logs from FDS when you are trying to login via
> application?
>
> Greg.
>
> 25 wrz 2012 19:27, "Satish Patel" <satish.txt at gmail.com
> <mailto:satish.txt at gmail.com>> napisaĆ(a):
>
> Hello ALL,
>
> I have a web base application and user authenticate web
> application using Directory Service (FDS). I want to restrict
> some user to not allow to login so i have implement host base
> deny ACL. But somehow it doesn't works. may be i am missing
> something. following acl i have.
>
> (targetattr = "*") (version 3.0;acl "Host ACL";deny
> (all)(userdn =
> "ldap:///uid=test,ou=People,dc=example,dc=com") and
> (ip="10.101.100.236");)
>
>
> But interesting thing is, it works with ldapsearch but not
> with Web application?
>
Your ACL specifies "uid=test," but that bind was done with "test4".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120925/bcd5bea2/attachment.html>
More information about the 389-users
mailing list