[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Insufficient access ??

To: "'Pierangelo Masarati'" <pmasarati@bci.it>
Subject: RE: Insufficient access ??
From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
Date: Tue, 24 Oct 2000 12:33:10 +0200
Cc: "'Jim Hud'" <jdhz@btinternet.com>, <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <39F5619D.DD709734@bci.it>

I'm using the global ACL, I don't know how puting local acl, but none are
specified.

Guy

-----Original Message-----
From: ando@core2.bci.it [mailto:ando@core2.bci.it]On Behalf Of
Pierangelo Masarati
Sent: Tuesday, October 24, 2000 12:17 PM
To: De Leeuw guy
Subject: Re: Insufficient access ??

De Leeuw guy wrote:

> Hi all,
>
> Here is the acl extract of my slapd.conf :
> ==========================================
> # Define global ACLs to disable default read access.
> defaultaccess none
>
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
>
> access to *
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by self write
>     by * read
> =========================================
>
> when I'm connected with the dn="cn=Katsiboubas Angélique, br=Internal,
> o=Eurofer, c=be"
> it's impossible to create or modify an entry.
> Why ?

Did you put the "access to " directives in the global scope, or in a
specific
database scope? I'm not sure, but in OpenLDAP2 global scope ACLs should
be overridden by local directives, and "defaultaccess none" means local
directives
are VERY restrictive, so they override the global writing permissions may
be
trying to give.

Bye, Pierangelo.

Prev by Date: Re: problems compiling with kerberos support
Next by Date: RE: Insufficient access ??
Index(es):
- Chronological
- Thread