Thread: Configure "Access Control Configuration" in YAST

  1. #1

    Configure "Access Control Configuration" in YAST

    Hello,
    I'm working with SLES 11.1 and OpenLDAP 2.4.20.

    In YaST I'm trying to configure "Access Control Configuration" but it doesn't work. I have to deploy 2 conditions: cn=userproxy,dc=users,dc=tree access read only over subtree dc=container,dc=tree and cn=admin,dc=users,dc=tree all access on all entries.

    Following the rule "special access rules first, generic access rules last", I set:

    On "All entries", The user with the DN cn=admin,dc=users,dc=tree Manage (full), and "Stop Access Control evaluation here"
    On "All Entries in the subtree" dc=container,dc=tree, The user with the DN cn=userproxy,dc=users,dc=tree read, and "Stop Access Control evaluation here"
    All entries everybody read all attributes, "Stop Access Control evaluation here".

    I could not find documentation on Access Control Configuration through YAST. Do you know where to get some information?

    Regards.

  2. Re: Configure "Access Control Configuration" in YAST

    Hi sergiohnj,
    Quote Originally Posted by sergiohnj
    Hello,
    I'm working with SLES 11.1 and OpenLDAP 2.4.20.

    In YaST I'm trying to configure "Access Control Configuration" but it doesn't work. I have to deploy 2 conditions: cn=userproxy,dc=users,dc=tree access read only over subtree dc=container,dc=tree and cn=admin,dc=users,dc=tree all access on all entries.

    Following the rule "special access rules first, generic access rules last", I set:

    On "All entries", The user with the DN cn=admin,dc=users,dc=tree Manage (full), and "Stop Access Control evaluation here"
    On "All Entries in the subtree" dc=container,dc=tree, The user with the DN cn=userproxy,dc=users,dc=tree read, and "Stop Access Control evaluation here"
    All entries everybody read all attributes, "Stop Access Control evaluation here".

    I could not find documentation on Access Control Configuration through YAST. Do you know where to get some information?

    Regards.

    one way to check would be to look at what YaST put into /etc/openldap/slapd.conf and compare that to the OpenLDAP documentation.

    Since SLES11SP1 is out of support (unless you have some special support contract), you might consider upgrading to a newer level (i.e. SP3). Depending on your use, I recall that the shipped OpenLDAP version had serious issues, especially in the area of replication.

    Regards,
    Jens
    From the times when today's "old school" was "new school"


  3. #3

    Re: Configure "Access Control Configuration" in YAST

    Thanks jmozdzen,

    Quote Originally Posted by jmozdzen
    Hi sergiohnj,

    one way to check would be to look at what YaST put into /etc/openldap/slapd.conf and compare that to the OpenLDAP documentation.

    From /etc/openldap/slapd.conf:
    "# Note: The OpenLDAP configuration has been created by YaST. YaST does not
    # use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
    # YaST uses OpenLDAP's dynamic configuration database (back-config) to
    # store the LDAP server's configuration."

    Quote Originally Posted by jmozdzen
    Since SLES11SP1 is out of support (unless you have some special support contract), you might consider upgrading to a newer level (i.e. SP3). Depending on your use, I recall that the shipped OpenLDAP version had serious issues, especially in the area of replication.

    Regards,
    Jens

    Thanks!

  4. Re: Configure "Access Control Configuration" in YAST

    Hi sergiohnj,
    Quote Originally Posted by sergiohnj
    From /etc/openldap/slapd.conf:
    "# Note: The OpenLDAP configuration has been created by YaST. YaST does not
    # use /etc/openldap/slapd.conf to store the OpenLDAP configuration anymore.
    # YaST uses OpenLDAP's dynamic configuration database (back-config) to
    # store the LDAP server's configuration."

    So then... take a look at what's in the according LDIF file ("/etc/openldap/slapd.d/cn\=config/olcDatabase\=\{-1\}frontend.ldif" ?)

    Is that really SLES11SP1? I thought that they started LDIF-based configuration in SP3, but maybe I was just too old-school to take notice before then.

    Regards,
    Jens
    From the times when today's "old school" was "new school"

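
Added example (not part of the original thread, and not YaST or OpenLDAP project code): following the suggestion above to inspect the LDIF under slapd.d, this Python script unfolds a cn=config database LDIF, lists its olcAccess rules in evaluation order, and reports rules that are never reached because an earlier `to *` rule has no `break`. The LDIF content, the `olcDatabase={1}hdb` entry and the function names are constructed for illustration; the rules mirror the order described in the first post and are an assumption, not what YaST actually wrote.

```python
import base64
import re

# Constructed sample shaped like a cn=config database LDIF; not real YaST output.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb
olcSuffix: dc=tree
olcAccess: {1}to dn.subtree="dc=container,dc=tree" by dn.base="cn=userproxy,d
 c=users,dc=tree" read
olcAccess: {0}to * by dn.base="cn=admin,dc=users,dc=tree" manage
olcAccess:: ezJ9dG8gKiBieSAqIHJlYWQ=
"""

def read_acls(ldif_text):
    """Return olcAccess rules ordered by their {n} index, as slapd evaluates them."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # LDIF folds long lines as "\n "
    rules = []
    for line in unfolded.splitlines():
        m = re.match(r"olcAccess(::?)\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":  # "::" marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8")
        idx = re.match(r"\{(\d+)\}(.*)", value)
        pos, text = (int(idx.group(1)), idx.group(2)) if idx else (len(rules), value)
        rules.append((pos, text.strip()))
    return [text for _, text in sorted(rules)]

def shadowed_rules(rules):
    """Return the rules slapd never reaches.

    slapd.access(5): the first rule whose <what> matches is applied and ends in an
    implicit "by * none stop", so after a "to *" rule only a "break" control lets
    evaluation continue with the next rule.
    """
    for i, rule in enumerate(rules):
        tokens = rule.split()
        if tokens[:3] == ["to", "*", "by"] and "break" not in tokens:
            return rules[i + 1:]
    return []

if __name__ == "__main__":
    acls = read_acls(SAMPLE_LDIF)
    for n, rule in enumerate(acls):
        print(f"{{{n}}} {rule}")
    for rule in shadowed_rules(acls):
        print("never evaluated:", rule)
```

To run it against a real server, pass the text of the database LDIF under /etc/openldap/slapd.d/cn=config/ to `read_acls` instead of the sample.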
