ldap, access control and kerberos authentication

Art Mulder (art.mulder@UAlberta.CA)
Tue, 2 Apr 1996 12:02:38 -0700 (MST)

(Ack, ldap newbie alert! :-)

Hi, I've got ldap3.2 (slapd) built and installed, with the
kerberos support compiled in.

I created a minimal database as per page 11 of the slapd
administration guide (section 2: Quick Start Guide)

Slapd runs fine, and using maX.500 I can contact the daemon and
look up the entries in that minimal database.

Now I'm looking into Access control. Our goal is let users have
access to update _part_ of their directory entries. (much like the
Umich setup that I've been reading about in their ldap web pages)

However, I'm not sure exactly how to proceed. The section on
Access Control (5.3) in the slapd manual is not telling me what
I think I need to know.

I'd like to hear from anyone who has made use of access control in
letting users update their entries. Can you provide me with some
slapd.conf examples?

For example: In order for the daemon to authenticate someone, I presume
that the database entry should have their kerberos ID in it somewhere,
but I can find no reference in the documentation to how that should

pointers or any help gratefully accepted.

..art mulder ( art.mulder@ualberta.ca )( http://www.ualberta.ca/~amulder/ )
( Sys Admin / Support Analyst, Network Resources )
( Computing and Network Services, U of Alberta, Edmonton )