It appears that, when I use 'ldap_simple_bind_s' in the client
application and attempt to bind as a specific user, I'm still
considered to be an anonymous user and cannot access the 'homePhone'
attribute, although I should have read access to the 'homePhone'
attribute according to the ACL.

I have the following ACL set-up for entries in the directory.
In essence I want everyone to be able to read all entries except
'userPassword' and 'homePhone'. When I use dish and authenticate
as anonymous, I can't read 'userPassword' or 'homePhone'. When
I use dish and authenticate with the proper password as 'Admin'
or the user, I can read 'homePhone', as dictated by the ACL.

    acl= group # c=US@o=Acme@cn=Admin # write # entry &\
         group # c=US@o=Acme@cn=Admin # write # attributes # userPassword &\
         group # c=US@o=Acme@cn=Admin # write # attributes # homePhone &\
         group # c=US@o=Acme@cn=Admin # read # attributes # homePhone &\
         self # write # entry &\
         self # write # default &\
         self # write # attributes # userPassword &\
         self # write # attributes # homePhone &\
         self # read # attributes # homePhone &\
         others # read # entry &\
         others # read # default &\
         others # compare # attributes # userPassword &\
         others # none # attributes # homePhone

However, in the LDAP client application, when I authenticate as the 'Admin'
or the user, I *cannot* read the 'homePhone' attribute.

The following is from quipulog showing the login:

    12/10 11:59:24 xtquipu- 09524 (root ) X500 DAP context association (4):
        Internet=131.175.179.40+34910
    12/10 11:59:24 xtquipu- 09524 (root ) Bind (4) (simple):
        c=US@o=Acme@cn=Admin
    12/10 11:59:25 xtquipu- 09524 (root ) Search (4): c=US@o=Acme
    12/10 11:59:25 xtquipu- 09524 (root ) Search subtree (sn=smith)
    12/10 11:59:25 xtquipu- 09524 (root ) Result sent (4)
    12/10 11:59:25 xtquipu- 09524 (root ) Unbind (4) (responder):
        c=US@o=Acme@cn=Admin

I have noticed that when I change the ACL for others:

    FROM: others # none # attributes # homePhone
    TO:   others # read # attributes # homePhone

I can read the 'homePhone' attribute via the application. Any help will
be appreciated. Thanks.