[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl question

To: Daniell Freed <dxf@dewittross.net>
Subject: Re: acl question
From: Adam Shand <larry@spack.org>
Date: Sun, 4 Mar 2001 23:05:09 -0800 (PST)
Cc: "Openldap-Software (E-mail)" <openldap-software@OpenLDAP.org>
In-reply-to: <3AA01D4C.3A4B783C@dewittross.net>

> I need to setup an acl where a specific user has write access to a
> particular ou and everything below it.  What I have tried to do is
> this:

acl's are parsed from most specific to least specific in two ways.  the
first "access to" that matches is the one that is used and then down the
list of "by X blah" the first one that matches is used.

> # access levels
> defaultaccess read
>
> access to * by dn="cn=manager,o=contacts.company.net" write

so this is the only acl that will be parsed because "access to *" matches
everything.  the lower acls will never be read.

read the section on acl's in the admin guide and there is a good bit in
the developers section of the faq-o-matic as well.

adam.

Follow-Ups:
- Re: acl question
  - From: Daniell Freed <dxf@dewittross.net>

References:
- acl question
  - From: Daniell Freed <dxf@dewittross.net>

Prev by Date: Re: Setting up LDAP and SSL
Next by Date: RE: Setting up LDAP and SSL
Index(es):
- Chronological
- Thread