
acl question



I need to set up an ACL where a specific user has write access to a particular ou and everything below it.  What I have tried to do is this:

# access levels
defaultaccess read
 
access to * by dn="cn=manager,o=contacts.company.net" write

access to dn=".*,ou=people,o=contacts.company.net"
    by dn="cn=admin,o=contacts.company.net" write
    by * read

access to dn=".*,ou=groups,o=contacts.company.net"
    by dn="cn=admin,o=contacts.company.net" write
    by * read
 

When I do this though I just get read access when I am binding to the cn=admin user account.  The bind operation seems to work fine, but I can't modify anything in the ou=people or ou=groups trees when using admin.  cn=manager is the root dn, and that works fine.

Can anyone help me see what I am doing wrong?  I am using openldap 1.2.9, if it matters.

Thanks.

-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzsche
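Editor's note with an added configuration example (this is not the poster's file and not a reply from the list). slapd evaluates access directives in the order they appear in slapd.conf: the first "access to" line whose target matches the entry is the one that decides, and later lines are not consulted for that entry. In the configuration above, "access to *" comes first and matches every entry, its only "by" clause names cn=manager, and so the two ou-specific directives are never reached when cn=admin binds; admin falls through to the read-only default, which is exactly the symptom described. The fragment below keeps the same DNs from the post and reorders the rules so the specific subtrees are tested before the catch-all. It assumes OpenLDAP 1.2.x syntax, where dn= patterns are regular expressions.

```conf
# slapd.conf ACL fragment (added example, not the poster's configuration).
# Assumed: OpenLDAP 1.2.x syntax; DNs are the ones used in the post.
# Rule order matters: the first "access to" line whose <what> matches
# the entry is used, so the specific subtrees come first and the
# catch-all comes last.

defaultaccess read

# Entries below ou=people: cn=admin may write, everyone else may read.
# The pattern is anchored so it cannot match a DN that merely contains
# this suffix somewhere in the middle.
access to dn="^.*,ou=people,o=contacts.company.net$"
    by dn="^cn=admin,o=contacts.company.net$" write
    by * read

# Entries below ou=groups: same policy.
access to dn="^.*,ou=groups,o=contacts.company.net$"
    by dn="^cn=admin,o=contacts.company.net$" write
    by * read

# Everything else is read-only.  No "by" clause for cn=manager is
# needed here: the rootdn bypasses access control entirely.
access to *
    by * read
```

Two caveats a practitioner would want to check after reordering. First, a pattern of the form `.*,ou=people,...` matches the entries beneath ou=people but not the ou=people entry itself; if admin must also be able to modify that entry, the pattern has to match it as well. Second, the write grant is deliberately scoped to two subtrees rather than the whole directory, so the account used by applications or staff for day-to-day changes cannot alter cn=manager or the top-level entries; in releases newer than 1.2 the same scoping can be expressed without regular expressions using `dn.subtree=`, but the ordering rule is the same in every version, so a catch-all `access to *` should always be the last directive.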