Re: ldap, access control and kerberos authentication

Tim Howes (
Tue, 02 Apr 1996 15:31:56 -0500

> From: art.mulder@UAlberta.CA (Art Mulder)
> To:

> Hi, I've got ldap3.2 (slapd) built and installed, with the
> kerberos support compiled in.
> I created a minimal database as per page 11 of the slapd
> administration guide (section 2: Quick Start Guide)
> Slapd runs fine, and using maX.500 I can contact the daemon and
> look up the entries in that minimal database.
> Now I'm looking into Access control. Our goal is let users have
> access to update _part_ of their directory entries. (much like the
> Umich setup that I've been reading about in their ldap web pages)
> However, I'm not sure exactly how to proceed. The section on
> Access Control (5.3) in the slapd manual is not telling me what
> I think I need to know.
> I'd like to hear from anyone who has made use of access control in
> letting users update their entries. Can you provide me with some
> slapd.conf examples?
> For example: In order for the daemon to authenticate someone, I presume
> that the database entry should have their kerberos ID in it somewhere,
> but I can find no reference in the documentation to how that should
> go.
> pointers or any help gratefully accepted.

There will be a new (beta) release of ldap within the next few days,
and it should fix some bugs in the acl area, do a better job of documenting
how to set up acls, deal with kerberos, etc. Stand by... -- Tim