[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Antw: [EXT] Re: lloadd Proxied Authorization Denied (123)
From:       "Ulrich Windl" <Ulrich.Windl () rz ! uni-regensburg ! de>
Date:       2022-12-16 7:13:44
Message-ID: 639C1AA8020000A1000507CB () gwsmtp ! uni-regensburg ! de
[Download RAW message or body]

> > > Stefan Kania <stefan@kania-online.de> schrieb am 15.12.2022 um 18:55 in
Nachricht <4c04e864-2b72-c9d2-96b9-036c11f58bbc@kania-online.de>:

> 
> Am 15.12.22 um 17:56 schrieb Quanah Gibson-Mount:
> > 
> > 
> > --On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania 
> > <stefan@kania-online.de> wrote:
> > 
> > > --------------
> > > dn: cn=config
> > > changetype: modify
> > > replace: olcAuthzpolicy
> > > olcAuthzpolicy: any
> > > --------------
> > 
> > Since you only need it to be possible for the lloadd user to assume 
> > other identities, I'd use a policy of 'to' instead of 'any'.
> > 
> > --Quanah
> > 
> > 
> Thank you, I will change it. Setting it to "any" was just an act of 
> desperation ;-) To get it work.Now comes security and fine tuning

Once you have a transition from "working" to "no longer working" it's easier to find \
out what you might have done wrong, rather than starting with a state "not working" \
;-)


> > 
> > 
> > 


[prev in list] [next in list] [prev in thread] [next in thread]