[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Antw: [EXT] Re: lloadd Proxied Authorization Denied (123)
From: "Ulrich Windl" <Ulrich.Windl () rz ! uni-regensburg ! de>
Date: 2022-12-16 7:13:44
Message-ID: 639C1AA8020000A1000507CB () gwsmtp ! uni-regensburg ! de
[Download RAW message or body]
> > > Stefan Kania <stefan@kania-online.de> schrieb am 15.12.2022 um 18:55 in
Nachricht <4c04e864-2b72-c9d2-96b9-036c11f58bbc@kania-online.de>:
>
> Am 15.12.22 um 17:56 schrieb Quanah Gibson-Mount:
> >
> >
> > --On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania
> > <stefan@kania-online.de> wrote:
> >
> > > --------------
> > > dn: cn=config
> > > changetype: modify
> > > replace: olcAuthzpolicy
> > > olcAuthzpolicy: any
> > > --------------
> >
> > Since you only need it to be possible for the lloadd user to assume
> > other identities, I'd use a policy of 'to' instead of 'any'.
> >
> > --Quanah
> >
> >
> Thank you, I will change it. Setting it to "any" was just an act of
> desperation ;-) To get it work.Now comes security and fine tuning
Once you have a transition from "working" to "no longer working" it's easier to find \
out what you might have done wrong, rather than starting with a state "not working" \
;-)
> >
> >
> >
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic