[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: schema for netscape roaming server

To: "prune" <prune@lecentre.net>, <openldap-software@OpenLDAP.org>
Subject: RE: schema for netscape roaming server
From: "Michael Clark" <michael@metaparadigm.com>
Date: Mon, 2 Apr 2001 20:44:19 +0800
Importance: Normal
In-reply-to: <3AC1AB05.30306@lecentre.net>

> maybe I should add something like :
>
> access to
> dn="nsLIProfilename=default,uid=*,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
>           by dnattr=owner write
>

I had a bug in the ACL i posted (erroneous ',')

> > access to dn=".*,nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
> >         by dnattr=owner write

This is what I have now:

access to dn=".*nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
         by dnattr=owner write

or in your case:

dn=".*nsLIProfilename=default,uid=.*,ou=users,ou=lecentre.net,dc=lecentre,dc=net
"
          by dnattr=owner write

It should be specified before any more general ACLs so netscape profiles are not
readable by other users (otherwise they could decode the base64 encoded
passwords that Netscape stores in its preferences)

Anyway, works for me.

~mc

Prev by Date: Re: schema for netscape roaming server (fwd)
Next by Date: NOOP operation in LDAP
Index(es):
- Chronological
- Thread