[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access-Control

To: Samir Desai <samirmdesai@hotmail.com>
Subject: Re: Access-Control
From: Frank.Matthiess@t-online.de (Frank Matthieß)
Date: Tue, 03 Aug 1999 21:15:04 +0200
Cc: Stefan.Kiesow@nwn.de, stuart@eclipse.net.uk, openldap-software@OpenLDAP.org
References: <19990803184030.46499.qmail@hotmail.com>

Samir Desai schrieb:
> I am still trying to get the knack of building the acl's, since they are
> very picky in OpenLDAP.  Not only is the access controls importants but even
> their ordering.

Right. But depends on the defaultaccess rights. If you set this to none, than
the order is important. 

> access          to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
>                 by self write
>                 by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>                 by * compare
The "by * compare" will match first the binding "cn=Samir
Desai,ou=Development,o=ZoomTown.com,c=US".  So you have only rights to compare
entries. If i understand right the ldap server won't search for other matching
rules and it will not read the "by * search" in the next acccess description.

-- 
Frank Matthieß	      

Privat Frank.Matthiess@GMX.net			                +49-5245-4662
Firma  Frank.Matthiess@decor-metall.de                       +49-5222-286-315

Follow-Ups:
- Re: Access-Control
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Access-Control
  - From: "Samir Desai" <samirmdesai@hotmail.com>

Prev by Date: Access-Control
Next by Date: Re: Access-Control
Index(es):
- Chronological
- Thread